FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10282 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55f33d53b8c0 size 40 | libevent_malloc: new ptr-libevent@0x55f33d53cb70 size 40 | libevent_malloc: new ptr-libevent@0x55f33d53cba0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55f33d53cb30 size 56 | libevent_malloc: new ptr-libevent@0x55f33d53cbd0 size 664 | libevent_malloc: new ptr-libevent@0x55f33d53ce70 size 24 | libevent_malloc: new ptr-libevent@0x55f33d52e750 size 384 | libevent_malloc: new ptr-libevent@0x55f33d53ce90 size 16 | libevent_malloc: new ptr-libevent@0x55f33d53ceb0 size 40 | libevent_malloc: new ptr-libevent@0x55f33d53cee0 size 48 | libevent_realloc: new ptr-libevent@0x55f33d4bc370 size 256 | libevent_malloc: new ptr-libevent@0x55f33d53cf20 size 16 | libevent_free: release ptr-libevent@0x55f33d53cb30 | libevent initialized | libevent_realloc: new ptr-libevent@0x55f33d53cf40 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60140 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60128 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x55f33d53e7c0 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60140 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60128 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x55f33d53e7c0 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60140 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60128 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x55f33d53e7c0 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60140 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60128 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_GCM) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x55f33d53e7c0 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x55f33d540040 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (24-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x55f33d540040 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (32-bytes, AES_CTR) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be601a0 | result: symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60188 | result: symkey-key@0x55f33d53e7c0 (16-bytes, AES_CBC) | symkey: release tmp-key@0x55f33d540040 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x55f33d53e7c0 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541ae0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d540040 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d540040 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d5418e0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d53cf90 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)2078669984: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541bb0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d5427a0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55f33d53e7c0 | PRF chunk interface: release key-key@0x55f33d540040 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541900 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d540040 (size 16) | PRF symkey interface: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d5418e0 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d544090 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x55f33d5427a0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d544090 | PRF symkey interface: release key-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d5427a0 (size 16) | PRF symkey interface: key-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x55f33d5427a0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffffe7 0f ffffff90 ffffffc9 12 2b 78 6c 06 ffffff89 25 ffffffd3 ffffffc4 1c 7d ffffff81 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x55f33d541b00 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x55f33d5427a0 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x55f33d540040 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d5418e0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d5427a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d5427a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d540040 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d541d10 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d541b00 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)2078669984: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541ae0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d540040 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d53e7c0 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55f33d540040 | PRF chunk interface: release key-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d5418c0 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d5427a0 (size 16) | PRF symkey interface: key symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541bb0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d544090 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x55f33d544090 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d53e7c0 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d53e7c0 (size 3) | PRF symkey interface: symkey message-key@0x55f33d53e7c0 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x55f33d53e7c0 | symkey message: symkey-key@0x55f33d53e7c0 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)2078670192: 40 ffffffdd ffffffea 27 2d ffffffb2 ffffffc1 4f 1b fffffffe ffffffc1 50 ffffffcd 42 74 ffffff84 | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 16 bytes at 0x55f33d542830 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541d10 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d544090 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x55f33d544090 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d544090 (size 16) | PRF symkey interface: key-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x55f33d544090 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 54 ffffffa3 5b ffffffc9 17 6c ffffffac ffffff84 13 ffffffc4 78 ffffffec ffffffa5 ffffffc6 ffffffa9 39 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x55f33d541d10 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x55f33d544090 | test_prf_vector: release message-key@0x55f33d53e7c0 | test_prf_vector: release key-key@0x55f33d5427a0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d542830 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d53e7c0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d541ae0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d541d10 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541b00 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d544090 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55f33d5427a0 | PRF chunk interface: release key-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d5418c0 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d53e7c0 (size 16) | PRF symkey interface: key symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541900 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d544090 (size 16) | PRF symkey interface: symkey message-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x55f33d544090 | symkey message: symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 16 bytes at 0x55f33d5418e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d540040 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x55f33d540040 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d540040 (size 16) | PRF symkey interface: key-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x55f33d540040 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffffa8 ffffffc4 0b ffffff85 ffffffba 21 7f 4c 1c ffffffe1 ffffffe1 75 ffffff8c 3f 72 21 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x55f33d540040 | test_prf_vector: release message-key@0x55f33d544090 | test_prf_vector: release key-key@0x55f33d53e7c0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d5418e0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d544090 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d544090 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d541b00 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d5425a0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d544090 | K: symkey-key@0x55f33d544090 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541d10 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d540040 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55f33d53e7c0 | PRF chunk interface: release key-key@0x55f33d544090 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541bb0 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d544090 (size 16) | PRF symkey interface: key symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541ae0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d5427a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55f33d5427a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d540040 (size 20) | PRF symkey interface: symkey message-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55f33d540040 | symkey message: symkey-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b ffffffd0 3e 35 ffffff8e ffffffb7 6c 7e 48 ffffff9d ffffffe7 ffffffcf 73 ffffff9b ffffffe2 25 5a | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 32 bytes at 0x55f33d542170 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53cf90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55f33d5427a0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d5427a0 (size 16) | PRF symkey interface: key-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x55f33d5427a0 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffffb9 71 ffffffb2 fffffffc 64 ffffffb5 ffffffd1 03 1b ffffff87 ffffffb8 38 ffffffa0 5d 54 ffffffb2 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x55f33d53cf90 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x55f33d5427a0 | test_prf_vector: release message-key@0x55f33d540040 | test_prf_vector: release key-key@0x55f33d544090 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541d10 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d540040 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d540040 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d544090 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d53d150 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d53d220 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53d080 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d544090 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d5427a0 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55f33d544090 | PRF chunk interface: release key-key@0x55f33d540040 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d542830 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d540040 (size 16) | PRF symkey interface: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d544090 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541900 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d53e7c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55f33d53e7c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d5427a0 (size 32) | PRF symkey interface: symkey message-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x55f33d5427a0 | symkey message: symkey-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b 05 ffffff97 6f ffffffa2 ffffffc7 70 31 4e ffffff98 4a 12 1f ffffff9a 47 1b ffffffa3 | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 32 bytes at 0x55f33d5425c0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x55f33d544090 | K: symkey-key@0x55f33d544090 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x55f33d53e7c0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d53e7c0 (size 16) | PRF symkey interface: key-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x55f33d53e7c0 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffff8b 69 ffffffbb fffffff3 fffffff5 fffffff0 ffffffef ffffffca ffffff81 41 ffffffff 7f ffffffc9 ffffffcf ffffffb6 50 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x55f33d53e7c0 | test_prf_vector: release message-key@0x55f33d5427a0 | test_prf_vector: release key-key@0x55f33d540040 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541900 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d5427a0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d5427a0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d540040 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d53d080 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d53d250 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53cf90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d540040 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d53e7c0 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55f33d540040 | PRF chunk interface: release key-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541ae0 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d5427a0 (size 16) | PRF symkey interface: key symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541b00 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d544090 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x55f33d544090 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d53e7c0 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d53e7c0 (size 34) | PRF symkey interface: symkey message-key@0x55f33d53e7c0 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x55f33d53e7c0 | symkey message: symkey-key@0x55f33d53e7c0 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b 05 ffffff97 6f ffffffa2 ffffffc7 70 31 4e ffffff98 4a 12 1f ffffff9a 47 1b ffffffa3 43 67 50 6d 5f 4a ffffffa3 7c 29 ffffff90 10 67 fffffff3 ffffffdf 3a 0c | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 48 bytes at 0x55f33d541b20 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53d150 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d544090 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x55f33d544090 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d544090 (size 16) | PRF symkey interface: key-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x55f33d544090 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffff9a 10 4e 5f 60 2c 7e ffffffb1 ffffff9d 04 06 ffffffbf ffffff9a 38 3f ffffffdf | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x55f33d53d150 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x55f33d544090 | test_prf_vector: release message-key@0x55f33d53e7c0 | test_prf_vector: release key-key@0x55f33d5427a0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541b00 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d53e7c0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d53cf90 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d547190 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d5425a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d544090 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55f33d5427a0 | PRF chunk interface: release key-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541bb0 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d5427a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d53e7c0 (size 16) | PRF symkey interface: key symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d5418c0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d540040 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x55f33d540040 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d544090 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d544090 (size 1000) | PRF symkey interface: symkey message-key@0x55f33d544090 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x55f33d544090 | symkey message: symkey-key@0x55f33d544090 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)2078670192: 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 1008 bytes at 0x55f33d548f40 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53d080 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d540040 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x55f33d540040 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d540040 (size 16) | PRF symkey interface: key-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x55f33d540040 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 73 5d 3b 3f 00 ffffffc4 ffffffe3 60 ffffffae ffffff87 ffffff91 fffffffe ffffffdb ffffff84 ffffff8e 49 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x55f33d542510 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x55f33d53d080 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x55f33d540040 | test_prf_vector: release message-key@0x55f33d544090 | test_prf_vector: release key-key@0x55f33d53e7c0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d5418c0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d544090 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d544090 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: key-key@0x55f33d544090 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d5418e0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d53d080 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d544090 | K: symkey-key@0x55f33d544090 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541b60 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d540040 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55f33d53e7c0 | PRF chunk interface: release key-key@0x55f33d544090 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541d10 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d544090 (size 16) | PRF symkey interface: key symkey-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: key symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541ae0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d5427a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55f33d5427a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d540040 (size 20) | PRF symkey interface: symkey message-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55f33d540040 | symkey message: symkey-key@0x55f33d540040 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b ffffffd0 3e 35 ffffff8e ffffffb7 6c 7e 48 ffffff9d ffffffe7 ffffffcf 73 ffffff9b ffffffe2 25 5a | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 32 bytes at 0x55f33d5425f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541bb0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x55f33d5427a0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d5427a0 (size 16) | PRF symkey interface: key-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x55f33d5427a0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x55f33d5427a0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffffb9 71 ffffffb2 fffffffc 64 ffffffb5 ffffffd1 03 1b ffffff87 ffffffb8 38 ffffffa0 5d 54 ffffffb2 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x55f33d542510 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x55f33d541d10 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x55f33d5427a0 | test_prf_vector: release message-key@0x55f33d540040 | test_prf_vector: release key-key@0x55f33d544090 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541b60 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d540040 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55f33d540040 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d544090 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d540040 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55f33d544090 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d544090 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be600c0 | result: tmp+=0-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d544090 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600e8 | result: PRF chunk interface-key@0x55f33d5427a0 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x55f33d540040 | PRF chunk interface: release clone-key@0x55f33d544090 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d53cf90 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d541d10 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 1d 2a ffffff80 fffffff7 09 07 ffffff97 39 32 72 ffffffa1 ffffffcc ffffffed 55 50 ffffff8d | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541ae0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d544090 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d540040 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55f33d544090 | PRF chunk interface: release key-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d541900 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d544090 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x55f33d544090 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d5427a0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d5427a0 (size 10) | PRF symkey interface: key symkey-key@0x55f33d5427a0 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x55f33d5427a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d5427a0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be600f0 | result: tmp+=0-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d5427a0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d544090 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: PRF symkey interface-key@0x55f33d540040 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x55f33d544090 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d5425a0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d53e7c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55f33d53e7c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d544090 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d544090 (size 20) | PRF symkey interface: symkey message-key@0x55f33d544090 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55f33d544090 | symkey message: symkey-key@0x55f33d544090 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b ffffffd0 3e 35 ffffff8e ffffffb7 6c 7e 48 ffffff9d ffffffe7 ffffffcf 73 ffffff9b ffffffe2 25 5a | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 32 bytes at 0x55f33d549340 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 1d 2a ffffff80 fffffff7 09 07 ffffff97 39 32 72 ffffffa1 ffffffcc ffffffed 55 50 ffffff8d | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53d150 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x55f33d53e7c0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d545910 | PRF symkey interface: release key-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d53e7c0 (size 16) | PRF symkey interface: key-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x55f33d53e7c0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 0a ffffffe3 60 ffffffbe ffffffa8 ffffffc7 ffffffc4 08 31 ffffffff 59 32 2b 64 ffffffd3 61 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x55f33d542510 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x55f33d541900 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x55f33d53e7c0 | test_prf_vector: release message-key@0x55f33d544090 | test_prf_vector: release key-key@0x55f33d5427a0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x55f33d541ae0 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60120 | result: key-key@0x55f33d544090 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55f33d544090 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60108 | result: key-key@0x55f33d5427a0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x55f33d544090 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600c0 | result: key-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600a8 | result: key-key@0x55f33d544090 (16-bytes, AES_ECB) | key: release tmp-key@0x55f33d53e7c0 | key extracting all 18 bytes of key@0x55f33d5427a0 | key: symkey-key@0x55f33d5427a0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x55f33d542510 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b 31 7d 05 ffffffbc ffffffc1 45 4e ffffffd1 2e fffffffb 5e ffffffd2 70 ffffffeb 63 4c | key: release slot-key-key@0x55f33d542510 | key extracted len 32 bytes at 0x55f33d542170 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55f33d544090 | K: symkey-key@0x55f33d544090 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541b00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60040 | result: k1-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60028 | result: k1-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d540040 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55f33d53e7c0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600c0 | result: key-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600a8 | result: key-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | key: release tmp-key@0x55f33d540040 | PRF chunk interface: release clone-key@0x55f33d5427a0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x55f33d53cf90 | PRF chunk interface PRF aes_xcbc update message-bytes@0x55f33d541900 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d53e7c0 | K: symkey-key@0x55f33d53e7c0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffffbb 4c ffffff8b 4d 0d 5e ffffffe9 28 fffffffb 0c 56 ffffff8b 01 00 2c 07 | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d541bb0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60080 | result: k1-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60068 | result: k1-key@0x55f33d5427a0 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d540040 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55f33d5427a0 | PRF chunk interface: release key-key@0x55f33d53e7c0 | PRF chunk interface PRF aes_xcbc final-chunk@0x55f33d5425a0 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d5427a0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x55f33d5427a0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d53e7c0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d5427a0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x55f33d53e7c0 (size 18) | PRF symkey interface: key symkey-key@0x55f33d53e7c0 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600f0 | result: key symkey-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600d8 | result: key symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55f33d540040 | key symkey extracting all 18 bytes of key@0x55f33d53e7c0 | key symkey: symkey-key@0x55f33d53e7c0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x55f33d542510 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b 31 7d 05 ffffffbc ffffffc1 45 4e ffffffd1 2e fffffffb 5e ffffffd2 70 ffffffeb 63 4c | key symkey: release slot-key-key@0x55f33d542510 | key symkey extracted len 32 bytes at 0x55f33d542170 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x55f33d5427a0 | K: symkey-key@0x55f33d5427a0 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 2d 65 03 2a ffffffd6 5f ffffff97 5a 3a 16 ffffffd2 64 ffffffda 73 ffffffd4 58 | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53d150 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60070 | result: k1-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60058 | result: k1-key@0x55f33d540040 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d545910 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x55f33d540040 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600f0 | result: key symkey-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600d8 | result: key symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x55f33d545910 | PRF symkey interface PRF aes_xcbc crypt-prf@0x55f33d541d10 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d548d40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x55f33d548d40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d545910 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d548d40 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x55f33d545910 (size 20) | PRF symkey interface: symkey message-key@0x55f33d545910 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x55f33d545910 | symkey message: symkey-key@0x55f33d545910 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x55f33d542510 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)2078670192: ffffffa6 38 2c ffffffa7 5d 66 4a ffffffdc 0f ffffffd6 24 ffffffb9 79 fffffff0 ffffff9e 2b ffffffd0 3e 35 ffffff8e ffffffb7 6c 7e 48 ffffff9d ffffffe7 ffffffcf 73 ffffff9b ffffffe2 25 5a | symkey message: release slot-key-key@0x55f33d542510 | symkey message extracted len 32 bytes at 0x55f33d542170 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x55f33d540040 | K: symkey-key@0x55f33d540040 (16-bytes, AES_ECB) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x55f33d542510 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffffbb 4c ffffff8b 4d 0d 5e ffffffe9 28 fffffffb 0c 56 ffffff8b 01 00 2c 07 | K: release slot-key-key@0x55f33d542510 | K extracted len 16 bytes at 0x55f33d53cf90 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600a0 | result: k1-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60088 | result: k1-key@0x55f33d548d40 (16-bytes, AES_ECB) | k1: release tmp-key@0x55f33d54aa00 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x55f33d548d40 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60130 | result: xcbc-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60118 | result: xcbc-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x55f33d54aa00 | PRF symkey interface: release key-key@0x55f33d540040 | PRF symkey interface PRF aes_xcbc final-key@0x55f33d548d40 (size 16) | PRF symkey interface: key-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x55f33d548d40 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 08 1b ffffff90 36 ffffffcd ffffff87 13 ffffff97 60 ffffff88 28 ffffffd6 ffffffcc 6c ffffff85 ffffff9b | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x55f33d542510 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x55f33d541b00 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x55f33d548d40 | test_prf_vector: release message-key@0x55f33d545910 | test_prf_vector: release key-key@0x55f33d53e7c0 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x55f33d541d10 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60110 | result: PRF chunk interface-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600f8 | result: PRF chunk interface-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55f33d545910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d53e7c0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55f33d541b60 | PRF chunk interface PRF md5 update message-bytes@0x55f33d541b00 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc7be60180 | result: message-key@0x55f33d548d40 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55f33d53e7c0 | PRF HMAC inner hash hash md5 inner-key@0x55f33d548d40 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d548d40 (size 72) | PRF HMAC inner hash: inner-key@0x55f33d548d40 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d542830 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60010 | result: PRF HMAC inner hash-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5fff8 | result: PRF HMAC inner hash-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d540040 | PRF chunk interface: release inner-key@0x55f33d548d40 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60080 | result: result-key@0x55f33d548d40 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60068 | result: result-key@0x55f33d540040 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d548d40 | PRF chunk interface: release hashed-inner-key@0x55f33d53e7c0 | PRF chunk interface: release key-key@0x55f33d545910 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d540040 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d540040 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55f33d53cf90 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x55f33d540040 | PRF chunk interface PRF md5 final-chunk@0x55f33d53cf90 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d545910 | PRF symkey interface PRF md5 init key symkey-key@0x55f33d540040 (size 16) | PRF symkey interface: key symkey-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55f33d540040 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d540040 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55f33d5425a0 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d54aa00 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x55f33d54aa00 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d548d40 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d54aa00 | PRF symkey interface PRF md5 update symkey message-key@0x55f33d548d40 (size 8) | PRF symkey interface: symkey message-key@0x55f33d548d40 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be601a8 | result: result-key@0x55f33d54aa00 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d53e7c0 | PRF HMAC inner hash hash md5 inner-key@0x55f33d54aa00 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d54aa00 (size 72) | PRF HMAC inner hash: inner-key@0x55f33d54aa00 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d541900 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60030 | result: PRF HMAC inner hash-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60018 | result: PRF HMAC inner hash-key@0x55f33d53e7c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d54c360 | PRF symkey interface: release inner-key@0x55f33d54aa00 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be600a0 | result: result-key@0x55f33d54aa00 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d54aa00 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60088 | result: result-key@0x55f33d54c360 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d54aa00 | PRF symkey interface: release hashed-inner-key@0x55f33d53e7c0 | PRF symkey interface: release key-key@0x55f33d545910 | PRF HMAC outer hash hash md5 outer-key@0x55f33d54c360 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d54c360 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d54c360 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55f33d542830 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600f0 | result: PRF HMAC outer hash-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600d8 | result: PRF HMAC outer hash-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55f33d53e7c0 | PRF symkey interface: release outer-key@0x55f33d54c360 | : hashed-outer-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55f33d545910 (size 16) | PRF symkey interface: key-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x55f33d545910 | RFC 2104: MD5_HMAC test 1: symkey-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: ffffffcc 2f 35 ffffff85 33 59 5d fffffff3 ffffffc1 00 ffffff96 ffffffe0 5a 66 6a 2a | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x55f33d542510 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x55f33d541900 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x55f33d545910 | test_prf_vector: release message-key@0x55f33d548d40 | test_prf_vector: release key-key@0x55f33d540040 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x55f33d5425a0 (length 4) | 4a 65 66 65 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60110 | result: PRF chunk interface-key@0x55f33d548d40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55f33d548d40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600f8 | result: PRF chunk interface-key@0x55f33d540040 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55f33d548d40 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d540040 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d540040 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55f33d542830 | PRF chunk interface PRF md5 update message-bytes@0x55f33d542170 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc7be60180 | result: message-key@0x55f33d545910 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55f33d540040 | PRF HMAC inner hash hash md5 inner-key@0x55f33d545910 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d545910 (size 92) | PRF HMAC inner hash: inner-key@0x55f33d545910 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d53d080 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60010 | result: PRF HMAC inner hash-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5fff8 | result: PRF HMAC inner hash-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d54c360 | PRF chunk interface: release inner-key@0x55f33d545910 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60080 | result: result-key@0x55f33d545910 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60068 | result: result-key@0x55f33d54c360 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d545910 | PRF chunk interface: release hashed-inner-key@0x55f33d540040 | PRF chunk interface: release key-key@0x55f33d548d40 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d54c360 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d54c360 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55f33d54ab60 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x55f33d54c360 | PRF chunk interface PRF md5 final-chunk@0x55f33d54ab60 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d548d40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x55f33d548d40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d54c360 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d548d40 | PRF symkey interface PRF md5 init key symkey-key@0x55f33d54c360 (size 4) | PRF symkey interface: key symkey-key@0x55f33d54c360 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55f33d54c360 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d54c360 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d54c360 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55f33d542830 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d53e7c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x55f33d53e7c0 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d545910 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d53e7c0 | PRF symkey interface PRF md5 update symkey message-key@0x55f33d545910 (size 28) | PRF symkey interface: symkey message-key@0x55f33d545910 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be601a8 | result: result-key@0x55f33d53e7c0 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d540040 | PRF HMAC inner hash hash md5 inner-key@0x55f33d53e7c0 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d53e7c0 (size 92) | PRF HMAC inner hash: inner-key@0x55f33d53e7c0 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d541ae0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60030 | result: PRF HMAC inner hash-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60018 | result: PRF HMAC inner hash-key@0x55f33d540040 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d54aa00 | PRF symkey interface: release inner-key@0x55f33d53e7c0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be600a0 | result: result-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d53e7c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60088 | result: result-key@0x55f33d54aa00 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d53e7c0 | PRF symkey interface: release hashed-inner-key@0x55f33d540040 | PRF symkey interface: release key-key@0x55f33d548d40 | PRF HMAC outer hash hash md5 outer-key@0x55f33d54aa00 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d54aa00 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d54aa00 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55f33d53d150 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600f0 | result: PRF HMAC outer hash-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d540040 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600d8 | result: PRF HMAC outer hash-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55f33d540040 | PRF symkey interface: release outer-key@0x55f33d54aa00 | : hashed-outer-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55f33d548d40 (size 16) | PRF symkey interface: key-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x55f33d548d40 | RFC 2104: MD5_HMAC test 2: symkey-key@0x55f33d548d40 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 40 ffffffc3 7c fffffff0 ffffff85 ffffff87 2e ffffffe9 ffffff96 ffffffb1 10 68 7b fffffff0 5f ffffffc5 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x55f33d542510 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x55f33d541ae0 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x55f33d548d40 | test_prf_vector: release message-key@0x55f33d545910 | test_prf_vector: release key-key@0x55f33d54c360 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x55f33d542830 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60110 | result: PRF chunk interface-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600f8 | result: PRF chunk interface-key@0x55f33d54c360 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x55f33d545910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d54c360 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d54c360 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d54c360 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x55f33d53d150 | PRF chunk interface PRF md5 update message-bytes@0x55f33d541b20 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d54c360 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffc7be60180 | result: message-key@0x55f33d548d40 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x55f33d54c360 | PRF HMAC inner hash hash md5 inner-key@0x55f33d548d40 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d548d40 (size 114) | PRF HMAC inner hash: inner-key@0x55f33d548d40 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d541d10 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60010 | result: PRF HMAC inner hash-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54aa00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5fff8 | result: PRF HMAC inner hash-key@0x55f33d54c360 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d54aa00 | PRF chunk interface: release inner-key@0x55f33d548d40 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60080 | result: result-key@0x55f33d548d40 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d548d40 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60068 | result: result-key@0x55f33d54aa00 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d548d40 | PRF chunk interface: release hashed-inner-key@0x55f33d54c360 | PRF chunk interface: release key-key@0x55f33d545910 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d54aa00 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d54aa00 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x55f33d53d080 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x55f33d54aa00 | PRF chunk interface PRF md5 final-chunk@0x55f33d53d080 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: key symkey-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: key symkey-key@0x55f33d54aa00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x55f33d545910 | PRF symkey interface PRF md5 init key symkey-key@0x55f33d54aa00 (size 16) | PRF symkey interface: key symkey-key@0x55f33d54aa00 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x55f33d54aa00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d54aa00 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60050 | result: trimed key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d54aa00 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be60090 | result: result-key@0x55f33d54c360 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x55f33d53d150 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60190 | result: message symkey-key@0x55f33d540040 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x55f33d540040 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60178 | result: message symkey-key@0x55f33d548d40 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x55f33d540040 | PRF symkey interface PRF md5 update symkey message-key@0x55f33d548d40 (size 50) | PRF symkey interface: symkey message-key@0x55f33d548d40 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d54c360 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be601a8 | result: result-key@0x55f33d540040 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d54c360 | PRF HMAC inner hash hash md5 inner-key@0x55f33d540040 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x55f33d540040 (size 114) | PRF HMAC inner hash: inner-key@0x55f33d540040 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x55f33d541bb0 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be60030 | result: PRF HMAC inner hash-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d53e7c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be60018 | result: PRF HMAC inner hash-key@0x55f33d54c360 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x55f33d53e7c0 | PRF symkey interface: release inner-key@0x55f33d540040 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be600a0 | result: result-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x55f33d540040 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffc7be60088 | result: result-key@0x55f33d53e7c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x55f33d540040 | PRF symkey interface: release hashed-inner-key@0x55f33d54c360 | PRF symkey interface: release key-key@0x55f33d545910 | PRF HMAC outer hash hash md5 outer-key@0x55f33d53e7c0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x55f33d53e7c0 (size 80) | PRF HMAC outer hash: outer-key@0x55f33d53e7c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x55f33d541b00 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be600f0 | result: PRF HMAC outer hash-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x55f33d54c360 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be600d8 | result: PRF HMAC outer hash-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x55f33d54c360 | PRF symkey interface: release outer-key@0x55f33d53e7c0 | : hashed-outer-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x55f33d545910 (size 16) | PRF symkey interface: key-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x55f33d545910 | RFC 2104: MD5_HMAC test 3: symkey-key@0x55f33d545910 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x55f33d542510 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)999707097: 6c ffffff92 ffffff8f ffffffb9 fffffff8 ffffffb6 fffffff1 22 ffffffa0 ffffffe4 67 ffffffe2 ffffff8c 26 6e 6f | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x55f33d542510 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x55f33d541bb0 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x55f33d545910 | test_prf_vector: release message-key@0x55f33d548d40 | test_prf_vector: release key-key@0x55f33d54aa00 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | starting up helper thread 6 | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | PARENT_R2: category: established IKE SA flags: 0: | starting up helper thread 0 | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | starting up helper thread 2 | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | status value returned by setting the priority of this thread (crypto helper 0) 22 | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | status value returned by setting the priority of this thread (crypto helper 2) 22 | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | crypto helper 0 waiting (nothing to do) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | crypto helper 2 waiting (nothing to do) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f33d541b20 | libevent_malloc: new ptr-libevent@0x55f33d54e830 size 128 | libevent_malloc: new ptr-libevent@0x55f33d53d150 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f33d53cb30 | libevent_malloc: new ptr-libevent@0x55f33d54e8c0 size 128 | libevent_malloc: new ptr-libevent@0x55f33d541bb0 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98946b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x55f33d541900 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a260 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55f33d5425a0 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a290 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x55f33d541ae0 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9895ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55f33d53d080 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a2b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55f33d542830 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989600 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x55f33d54ab40 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989618 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x55f33d541b60 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98962f (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x55f33d53cf90 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a2e0 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x55f33d54ab60 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98964c (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x55f33d54ead0 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989653 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x55f33d54eaf0 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989660 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x55f33d54eb10 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989671 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x55f33d54eb30 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989682 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x55f33d54eb50 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989693 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x55f33d54eb70 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9896a4 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x55f33d54eb90 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a308 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x55f33d54ebb0 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a340 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x55f33d54ebd0 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a378 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x55f33d54ebf0 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a3b0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x55f33d54ec10 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a3e8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x55f33d54ec30 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a420 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x55f33d54ec50 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a458 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x55f33d54ec70 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a490 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x55f33d54ec90 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a4c8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x55f33d54ecb0 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a500 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x55f33d54ecd0 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a538 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x55f33d54ecf0 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a570 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55f33d54ed10 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a5a8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55f33d54ed30 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a5e0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55f33d54ed50 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a618 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55f33d54ed70 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a650 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc7be60280 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a680 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc7be60280 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a6b8 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffc7be60280 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989791 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7ffc7be60280 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a720 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x55f33d54ef70 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a748 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x55f33d54ef90 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9897b9 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x55f33d54efb0 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a770 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x55f33d54efd0 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9897c4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x55f33d54eff0 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9897e2 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x55f33d54f010 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989800 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x55f33d54f030 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a798 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x55f33d54f050 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98981e (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x55f33d54f070 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98983c (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x55f33d54f090 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98985a (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x55f33d54f0b0 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989878 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x55f33d54f0d0 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989896 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x55f33d54f0f0 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9898b4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x55f33d54f110 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9898d2 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x55f33d54f130 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9898ed (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x55f33d54f150 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b992707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55f33d54edd0 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98999d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x55f33d54ee10 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b98a2b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x55f33d54edf0 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9895ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x55f33d54eea0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9899b1 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x55f33d54eec0 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b978bfd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x55f33d54eee0 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9899c0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x55f33d54ee80 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9899d1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x55f33d54f310 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | vendor id hash md5 digest data-bytes@0x55f33b9899e2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | crypto helper 4 waiting (nothing to do) | vendor id hash md5 final bytes@0x55f33d54f330 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b9899f3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x55f33d54f350 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x55f33d54f370 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x55f33d54f390 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x55f33d54f3b0 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x55f33d54f3d0 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x55f33d54f3f0 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x55f33d54f410 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | vendor id hash md5 final bytes@0x55f33d54f430 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x55f33d54f450 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x55f33d54f470 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989a9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x55f33d54f490 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989aae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x55f33d54f4b0 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989abf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x55f33d54f4d0 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989ad0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x55f33d54f4f0 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989ae1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x55f33d54f510 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989af2 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x55f33d54f530 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b04 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x55f33d54f550 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b16 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x55f33d54f570 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b27 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x55f33d54f590 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b38 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x55f33d54f5b0 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b49 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x55f33d54f5d0 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b5a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x55f33d54f5f0 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b6b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x55f33d54f610 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b7c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x55f33d54f630 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b8d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x55f33d54f650 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989b9e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x55f33d54f670 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989baf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x55f33d54f690 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989bc0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x55f33d54f6b0 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989bd1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x55f33d54f6d0 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989be2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x55f33d54f6f0 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989bf3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x55f33d54f710 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x55f33d54f730 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x55f33d54f750 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x55f33d54f770 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x55f33d54f790 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x55f33d54f7b0 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x55f33d54f7d0 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x55f33d54f7f0 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x55f33d54f810 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x55f33d54f830 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989c9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x55f33d54f850 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989cae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x55f33d54f870 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989cbf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x55f33d54f890 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989cd0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x55f33d54f8b0 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989ce1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x55f33d54f8d0 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989cf2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x55f33d54f8f0 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d03 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x55f33d54f910 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d14 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x55f33d54f930 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d25 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x55f33d54f950 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d36 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x55f33d54f970 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d47 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x55f33d54f990 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d58 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x55f33d54f9b0 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d69 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x55f33d54f9d0 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d7a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x55f33d54f9f0 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d8b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x55f33d54fa10 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989d9c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x55f33d54fa30 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989dad (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x55f33d54fa50 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b989dbe (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x55f33d54fa70 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x55f33b992707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x55f33d54fa90 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f33d541a30 | libevent_malloc: new ptr-libevent@0x55f33d558d70 size 128 | libevent_malloc: new ptr-libevent@0x55f33d558e00 size 16 | libevent_realloc: new ptr-libevent@0x55f33d4ba5b0 size 256 | libevent_malloc: new ptr-libevent@0x55f33d558e20 size 8 | libevent_realloc: new ptr-libevent@0x55f33d54db40 size 144 | libevent_malloc: new ptr-libevent@0x55f33d558e40 size 152 | libevent_malloc: new ptr-libevent@0x55f33d558ee0 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55f33d558f00 size 8 | libevent_malloc: new ptr-libevent@0x55f33d558f20 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55f33d558fc0 size 8 | libevent_malloc: new ptr-libevent@0x55f33d558fe0 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55f33d559080 size 8 | libevent_realloc: release ptr-libevent@0x55f33d54db40 | libevent_realloc: new ptr-libevent@0x55f33d5590a0 size 256 | libevent_malloc: new ptr-libevent@0x55f33d54db40 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:10404) using fork+execve | forked child 10404 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55f33d559450 | libevent_malloc: new ptr-libevent@0x55f33d559490 size 128 | libevent_malloc: new ptr-libevent@0x55f33d559520 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55f33d559540 | libevent_malloc: new ptr-libevent@0x55f33d559580 size 128 | libevent_malloc: new ptr-libevent@0x55f33d559610 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55f33d559630 | libevent_malloc: new ptr-libevent@0x55f33d559670 size 128 | libevent_malloc: new ptr-libevent@0x55f33d559700 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55f33d559720 | libevent_malloc: new ptr-libevent@0x55f33d559760 size 128 | libevent_malloc: new ptr-libevent@0x55f33d5597f0 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55f33d559810 | libevent_malloc: new ptr-libevent@0x55f33d559850 size 128 | libevent_malloc: new ptr-libevent@0x55f33d5598e0 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55f33d559900 | libevent_malloc: new ptr-libevent@0x55f33d559940 size 128 | libevent_malloc: new ptr-libevent@0x55f33d5599d0 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55f33d54ea10) PKK_PSK: @west | id type added to secret(0x55f33d54ea10) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.503 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x55f33d559490 | free_event_entry: release EVENT_NULL-pe@0x55f33d559450 | add_fd_read_event_handler: new ethX-pe@0x55f33d559450 | libevent_malloc: new ptr-libevent@0x55f33d559490 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55f33d559580 | free_event_entry: release EVENT_NULL-pe@0x55f33d559540 | add_fd_read_event_handler: new ethX-pe@0x55f33d559540 | libevent_malloc: new ptr-libevent@0x55f33d559580 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55f33d559670 | free_event_entry: release EVENT_NULL-pe@0x55f33d559630 | add_fd_read_event_handler: new ethX-pe@0x55f33d559630 | libevent_malloc: new ptr-libevent@0x55f33d559670 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55f33d559760 | free_event_entry: release EVENT_NULL-pe@0x55f33d559720 | add_fd_read_event_handler: new ethX-pe@0x55f33d559720 | libevent_malloc: new ptr-libevent@0x55f33d559760 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x55f33d559850 | free_event_entry: release EVENT_NULL-pe@0x55f33d559810 | add_fd_read_event_handler: new ethX-pe@0x55f33d559810 | libevent_malloc: new ptr-libevent@0x55f33d559850 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x55f33d559940 | free_event_entry: release EVENT_NULL-pe@0x55f33d559900 | add_fd_read_event_handler: new ethX-pe@0x55f33d559900 | libevent_malloc: new ptr-libevent@0x55f33d559940 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x55f33d54ea10) PKK_PSK: @west | id type added to secret(0x55f33d54ea10) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.294 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 10404 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0114 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for ID_NULL is 0 | counting wild cards for ID_NULL is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55f33d526150 added connection description "westnet-eastnet-ipv4-psk-ikev2" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[ID_NULL]...192.1.2.23<192.1.2.23>[ID_NULL]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.147 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid %null | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 | add pubkey 15 04 37 f9 | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 | keyid: *AQOm9dY/4 | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 | n 37 f9 | e 03 | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | CKAID 7f 0f 03 50 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.133 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid %null | ID_NULL: id kind matches | unreference key: 0x55f33d4edc80 ID_NULL cnt 1-- | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | keyid: *AQO9bJbr3 | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 | n 48 ef | e 03 | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0775 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0434 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x55f33d55b3d0 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f33d55da40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f33d55da80 size 128 | #1 spent 0.182 milliseconds in ikev2_parent_outI1() | crypto helper 6 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.258 milliseconds in whack | crypto helper 6 starting work-order 1 for state #1 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f0524000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f0524000d60 | NSS: Public DH wire value: | 2b a9 68 b0 bb cb 3c b0 3e f1 8e 2e ea 4e c8 d2 | f9 fa f8 6c 03 03 34 81 55 c9 2e 0b 62 fb 8d 4e | 53 65 69 a0 33 aa 85 ad 5b 9b 3e 6e 65 51 d8 e1 | 9a 28 cf 3d 62 f7 b4 d6 13 ef 8c ed ab 2e 31 b8 | 48 68 dd 5a 3d 92 b3 5a ee ee 66 f0 ca 4b a9 4e | 20 e5 ef 50 cd 2a 12 fa c7 55 fb fa f9 63 27 09 | b8 99 46 be 60 78 8d a1 fd f3 bc 78 43 d7 a3 3f | 53 a8 a3 fb f6 2a 80 6d 24 79 35 fd 12 ca 26 ba | df f5 86 a1 ac b3 55 82 44 e5 4a 62 30 42 26 54 | 8d dd 93 c7 c4 99 f3 ba 6e 9a 23 55 7b 62 c4 03 | db f1 b7 ab d3 c8 ea 6a d3 34 7d b6 55 ee 50 f6 | d5 db 4c cc 4a b7 f8 e7 81 c3 75 6d f9 74 78 d0 | 27 ea 84 98 42 82 4f 05 30 94 3b 4c a4 ad 6e c0 | 0b a8 07 f4 4c 14 8e c3 50 2b e4 eb 56 62 23 bf | 02 aa 86 3b 17 dc dc 12 b4 3b f0 bc 13 40 6e 7f | 8c 12 ee 5a 5d 7d 43 f4 12 56 9a b7 6d 83 a7 7e | Generated nonce: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | Generated nonce: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001089 seconds | (#1) spent 1.09 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f0524006900 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 1 | calling continuation function 0x55f33b90c630 | ikev2_parent_outI1_continue for #1 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f0524000d60: transferring ownership from helper KE to state #1 | **emit ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 2b a9 68 b0 bb cb 3c b0 3e f1 8e 2e ea 4e c8 d2 | ikev2 g^x f9 fa f8 6c 03 03 34 81 55 c9 2e 0b 62 fb 8d 4e | ikev2 g^x 53 65 69 a0 33 aa 85 ad 5b 9b 3e 6e 65 51 d8 e1 | ikev2 g^x 9a 28 cf 3d 62 f7 b4 d6 13 ef 8c ed ab 2e 31 b8 | ikev2 g^x 48 68 dd 5a 3d 92 b3 5a ee ee 66 f0 ca 4b a9 4e | ikev2 g^x 20 e5 ef 50 cd 2a 12 fa c7 55 fb fa f9 63 27 09 | ikev2 g^x b8 99 46 be 60 78 8d a1 fd f3 bc 78 43 d7 a3 3f | ikev2 g^x 53 a8 a3 fb f6 2a 80 6d 24 79 35 fd 12 ca 26 ba | ikev2 g^x df f5 86 a1 ac b3 55 82 44 e5 4a 62 30 42 26 54 | ikev2 g^x 8d dd 93 c7 c4 99 f3 ba 6e 9a 23 55 7b 62 c4 03 | ikev2 g^x db f1 b7 ab d3 c8 ea 6a d3 34 7d b6 55 ee 50 f6 | ikev2 g^x d5 db 4c cc 4a b7 f8 e7 81 c3 75 6d f9 74 78 d0 | ikev2 g^x 27 ea 84 98 42 82 4f 05 30 94 3b 4c a4 ad 6e c0 | ikev2 g^x 0b a8 07 f4 4c 14 8e c3 50 2b e4 eb 56 62 23 bf | ikev2 g^x 02 aa 86 3b 17 dc dc 12 b4 3b f0 bc 13 40 6e 7f | ikev2 g^x 8c 12 ee 5a 5d 7d 43 f4 12 56 9a b7 6d 83 a7 7e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | IKEv2 nonce 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5ea30 (length 8) | 9c 9c 71 64 08 64 28 f9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5ea38 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e964 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc7be5e956 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e9e0 (length 20) | 6d bd 65 fa 59 d3 19 be ea a1 9c 6d 50 30 40 84 | dd 9b c8 29 | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 9c 9c 71 64 08 64 28 f9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 6d bd 65 fa 59 d3 19 be ea a1 9c 6d 50 30 40 84 | natd_hash: hash= dd 9b c8 29 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6d bd 65 fa 59 d3 19 be ea a1 9c 6d 50 30 40 84 | Notify data dd 9b c8 29 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5ea30 (length 8) | 9c 9c 71 64 08 64 28 f9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5ea38 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e964 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc7be5e956 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e9e0 (length 20) | 38 c4 00 cd c3 7a fb fb a9 31 55 97 64 a0 3d 5f | d5 84 76 3a | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 9c 9c 71 64 08 64 28 f9 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 38 c4 00 cd c3 7a fb fb a9 31 55 97 64 a0 3d 5f | natd_hash: hash= d5 84 76 3a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 38 c4 00 cd c3 7a fb fb a9 31 55 97 64 a0 3d 5f | Notify data d5 84 76 3a | emitting length of IKEv2 Notify Payload: 28 | ***emit IKEv2 Vendor ID Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Vendor ID Payload (43:ISAKMP_NEXT_v2V) | next payload chain: saving location 'IKEv2 Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 19 raw bytes of Opportunistic IPsec into IKEv2 Vendor ID Payload | Opportunistic IPsec 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | Opportunistic IPsec 73 65 63 | emitting length of IKEv2 Vendor ID Payload: 23 | emitting length of ISAKMP Message: 851 | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 851 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 9c 9c 71 64 08 64 28 f9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 53 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 2b a9 68 b0 bb cb 3c b0 | 3e f1 8e 2e ea 4e c8 d2 f9 fa f8 6c 03 03 34 81 | 55 c9 2e 0b 62 fb 8d 4e 53 65 69 a0 33 aa 85 ad | 5b 9b 3e 6e 65 51 d8 e1 9a 28 cf 3d 62 f7 b4 d6 | 13 ef 8c ed ab 2e 31 b8 48 68 dd 5a 3d 92 b3 5a | ee ee 66 f0 ca 4b a9 4e 20 e5 ef 50 cd 2a 12 fa | c7 55 fb fa f9 63 27 09 b8 99 46 be 60 78 8d a1 | fd f3 bc 78 43 d7 a3 3f 53 a8 a3 fb f6 2a 80 6d | 24 79 35 fd 12 ca 26 ba df f5 86 a1 ac b3 55 82 | 44 e5 4a 62 30 42 26 54 8d dd 93 c7 c4 99 f3 ba | 6e 9a 23 55 7b 62 c4 03 db f1 b7 ab d3 c8 ea 6a | d3 34 7d b6 55 ee 50 f6 d5 db 4c cc 4a b7 f8 e7 | 81 c3 75 6d f9 74 78 d0 27 ea 84 98 42 82 4f 05 | 30 94 3b 4c a4 ad 6e c0 0b a8 07 f4 4c 14 8e c3 | 50 2b e4 eb 56 62 23 bf 02 aa 86 3b 17 dc dc 12 | b4 3b f0 bc 13 40 6e 7f 8c 12 ee 5a 5d 7d 43 f4 | 12 56 9a b7 6d 83 a7 7e 29 00 00 24 84 06 e0 c1 | 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 02 8a 1c a7 | 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 6d bd 65 fa | 59 d3 19 be ea a1 9c 6d 50 30 40 84 dd 9b c8 29 | 2b 00 00 1c 00 00 40 05 38 c4 00 cd c3 7a fb fb | a9 31 55 97 64 a0 3d 5f d5 84 76 3a 00 00 00 17 | 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | 73 65 63 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f33d55da80 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f33d55da40 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55f33d55da40 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f33d55da80 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49581.861296 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 1.01 milliseconds in resume sending helper answer | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f0524006900 | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 455 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 21 20 22 20 00 00 00 00 00 00 01 c7 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 1b 1b 7c 98 | d7 69 fd 5f 80 5c 2f ac 83 93 0f d1 f4 70 8b 3b | fb 8d 33 16 34 f0 f9 cf ea f3 07 7c 2e ac a1 c5 | f1 29 34 d9 3f 04 98 af 47 57 67 0b 93 a7 99 02 | 15 e3 de 93 43 7c 4f e6 13 cd f8 c5 73 23 95 b7 | 41 08 8a a4 f9 50 d3 7e a5 a0 99 39 36 84 74 34 | 09 8a ca a0 d6 87 df 25 08 ef d8 5d b4 2c b3 a1 | 2c 58 d4 9e a6 93 82 19 b4 b0 0f df 20 bc 02 06 | 05 e5 91 ab c0 72 38 33 b0 83 01 3b af 8e 20 c1 | 91 c1 d9 4f 4e d2 bc ef 43 4d 35 ca 7c ce 2d d9 | 8d 28 76 bd cb a2 b2 23 ca 22 43 35 2c 16 be 1d | b0 86 d1 e9 7f 97 67 57 75 90 9a 32 32 cd c2 2c | be 81 e5 77 9f 66 b5 9c c8 b7 bf a0 d1 ed ca bf | c8 44 30 23 0a cb 75 7b 01 9a cd 2e e0 b0 95 55 | 72 59 f2 78 44 f7 b4 ff 12 cb 1c 2b 82 f4 ad 73 | 06 db 72 c8 f8 d4 b6 3b 9d 14 68 8b ed 68 e3 81 | b8 c0 97 07 03 83 d9 d3 fb a3 ee 63 29 00 00 24 | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 9c d4 ca cd cf 8d 3c fe 3d d3 a7 06 7a 76 bd d7 | 56 e2 dd de 2b 00 00 1c 00 00 40 05 be 21 d9 90 | f9 31 32 e7 a7 0a 1e 7d 12 cc 51 dd 30 fb d8 80 | 00 00 00 17 4f 70 70 6f 72 74 75 6e 69 73 74 69 | 63 20 49 50 73 65 63 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 455 (0x1c7) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2V (0x2b) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2V) | ***parse IKEv2 Vendor ID Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 23 (0x17) | processing payload: ISAKMP_NEXT_v2V (len=19) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 1b 1b 7c 98 d7 69 fd 5f 80 5c 2f ac 83 93 0f d1 | f4 70 8b 3b fb 8d 33 16 34 f0 f9 cf ea f3 07 7c | 2e ac a1 c5 f1 29 34 d9 3f 04 98 af 47 57 67 0b | 93 a7 99 02 15 e3 de 93 43 7c 4f e6 13 cd f8 c5 | 73 23 95 b7 41 08 8a a4 f9 50 d3 7e a5 a0 99 39 | 36 84 74 34 09 8a ca a0 d6 87 df 25 08 ef d8 5d | b4 2c b3 a1 2c 58 d4 9e a6 93 82 19 b4 b0 0f df | 20 bc 02 06 05 e5 91 ab c0 72 38 33 b0 83 01 3b | af 8e 20 c1 91 c1 d9 4f 4e d2 bc ef 43 4d 35 ca | 7c ce 2d d9 8d 28 76 bd cb a2 b2 23 ca 22 43 35 | 2c 16 be 1d b0 86 d1 e9 7f 97 67 57 75 90 9a 32 | 32 cd c2 2c be 81 e5 77 9f 66 b5 9c c8 b7 bf a0 | d1 ed ca bf c8 44 30 23 0a cb 75 7b 01 9a cd 2e | e0 b0 95 55 72 59 f2 78 44 f7 b4 ff 12 cb 1c 2b | 82 f4 ad 73 06 db 72 c8 f8 d4 b6 3b 9d 14 68 8b | ed 68 e3 81 b8 c0 97 07 03 83 d9 d3 fb a3 ee 63 | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Comparing remote proposals against IKE initiator (accepting) 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 2 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 8 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 2 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 8 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 2 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 8 transforms | local proposal 3 type ESN has 0 transforms | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 2 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 8 transforms | local proposal 4 type ESN has 0 transforms | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 3 (0x3) | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_GCM_C=20, found AES_GCM_16 | PRF ike_alg_lookup_by_id id: HMAC_SHA2_512=7, found HMAC_SHA2_512 | integrity ike_alg_lookup_by_id id: NONE=0, found NONE | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5e4f0 (length 8) | 9c 9c 71 64 08 64 28 f9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5e4f8 (length 8) | 44 56 6c dd dc 1d 37 58 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e484 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc7be5e476 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e500 (length 20) | be 21 d9 90 f9 31 32 e7 a7 0a 1e 7d 12 cc 51 dd | 30 fb d8 80 | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 9c 9c 71 64 08 64 28 f9 | natd_hash: rcookie= 44 56 6c dd dc 1d 37 58 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= be 21 d9 90 f9 31 32 e7 a7 0a 1e 7d 12 cc 51 dd | natd_hash: hash= 30 fb d8 80 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5e4f0 (length 8) | 9c 9c 71 64 08 64 28 f9 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5e4f8 (length 8) | 44 56 6c dd dc 1d 37 58 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e484 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc7be5e476 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e520 (length 20) | 9c d4 ca cd cf 8d 3c fe 3d d3 a7 06 7a 76 bd d7 | 56 e2 dd de | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 9c 9c 71 64 08 64 28 f9 | natd_hash: rcookie= 44 56 6c dd dc 1d 37 58 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 9c d4 ca cd cf 8d 3c fe 3d d3 a7 06 7a 76 bd d7 | natd_hash: hash= 56 e2 dd de | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f0524000d60: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55f33d55da80 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f33d55da40 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f33d55da40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f33d55da80 size 128 | #1 spent 0.218 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | crypto helper 0 resuming | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | crypto helper 0 starting work-order 2 for state #1 | #1 spent 0.404 milliseconds in ikev2_process_packet() | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | peer's g: 1b 1b 7c 98 d7 69 fd 5f 80 5c 2f ac 83 93 0f d1 | peer's g: f4 70 8b 3b fb 8d 33 16 34 f0 f9 cf ea f3 07 7c | peer's g: 2e ac a1 c5 f1 29 34 d9 3f 04 98 af 47 57 67 0b | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: 93 a7 99 02 15 e3 de 93 43 7c 4f e6 13 cd f8 c5 | spent 0.428 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 73 23 95 b7 41 08 8a a4 f9 50 d3 7e a5 a0 99 39 | peer's g: 36 84 74 34 09 8a ca a0 d6 87 df 25 08 ef d8 5d | peer's g: b4 2c b3 a1 2c 58 d4 9e a6 93 82 19 b4 b0 0f df | peer's g: 20 bc 02 06 05 e5 91 ab c0 72 38 33 b0 83 01 3b | peer's g: af 8e 20 c1 91 c1 d9 4f 4e d2 bc ef 43 4d 35 ca | peer's g: 7c ce 2d d9 8d 28 76 bd cb a2 b2 23 ca 22 43 35 | peer's g: 2c 16 be 1d b0 86 d1 e9 7f 97 67 57 75 90 9a 32 | peer's g: 32 cd c2 2c be 81 e5 77 9f 66 b5 9c c8 b7 bf a0 | peer's g: d1 ed ca bf c8 44 30 23 0a cb 75 7b 01 9a cd 2e | peer's g: e0 b0 95 55 72 59 f2 78 44 f7 b4 ff 12 cb 1c 2b | peer's g: 82 f4 ad 73 06 db 72 c8 f8 d4 b6 3b 9d 14 68 8b | peer's g: ed 68 e3 81 b8 c0 97 07 03 83 d9 d3 fb a3 ee 63 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x55f33d54aa00 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f0524000d60: computed shared DH secret key@0x55f33d54aa00 | dh-shared : g^ir-key@0x55f33d54aa00 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha2_512 init Ni | Nr-chunk@0x7f051c001ef0 (length 64) | 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0670 | result: Ni | Nr-key@0x55f33d545910 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d545910 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0658 | result: Ni | Nr-key@0x55f33d548d40 (64-bytes, SHA512_HMAC) | Ni | Nr: release tmp-key@0x55f33d545910 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha2_512 context 0x7f051c002a70 from Ni | Nr-key@0x55f33d548d40 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha2_512 with context 0x7f051c002a70 from Ni | Nr-key@0x55f33d548d40 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x55f33d548d40 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha2_512 crypt-prf@0x7f051c0016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha2_512 update g^ir-key@0x55f33d54aa00 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x55f33d54aa00 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x55f33d54aa00 | nss hmac digest hack: symkey-key@0x55f33d54aa00 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)796590800: ffffffc9 ffffff82 ffffffd6 ffffffd2 4a 7b 4f 42 77 ffffff8b ffffff82 54 ffffff96 ffffffd0 45 58 5e 6c 27 0e ffffff9b ffffff8f ffffff86 ffffffa9 44 1c 2e 2d 47 2e ffffff9a 40 44 ffffffbd 13 09 6c 40 3c 0c 0b 00 19 ffffffed 67 ffffffa0 23 ffffffe3 ffffffda 45 37 fffffff0 4b fffffff9 75 2f 4d ffffffb9 ffffffe6 ffffff87 74 ffffffe8 77 2c fffffff7 ffffffa7 ffffffc4 ffffff83 ffffffba ffffffc2 2e ffffffbb 1b 3e ffffffa6 42 5a fffffff6 fffffffd ffffffb0 5c 79 54 2c ffffffca ffffffbb 6a ffffffba fffffff2 68 62 ffffffdb fffffffe ffffffc6 fffffffa 35 ffffffea ffffff9a 4e fffffff1 7e ffffff80 26 ffffffd9 71 ffffff80 4f 3e ffffffa3 76 ffffff8d ffffffe2 ffffffbf 63 ffffff9d ffffff93 ffffff9b 6b ffffffaa 26 ffffffd3 ffffffdd 43 01 45 61 ffffffb6 ffffffaa 05 fffffff3 ffffff93 0c ffffff96 fffffff9 ffffffe6 34 ffffffaa 6e ffffff8d ffffffb4 0f ffffff93 fffffffc ffffff91 0f ffffffcc 7f ffffffa7 03 3a 2b ffffff93 1c ffffff95 ffffff94 ffffffea ffffffdf | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 256 bytes at 0x7f051c004060 | unwrapped: 0c 95 9b 59 c3 5a 8d 94 77 dd 15 6d e0 6c 7b c4 | unwrapped: b8 bf 5a 51 2e e1 7e aa 18 c4 2a 58 b1 ea ad ea | unwrapped: 44 42 95 f6 b0 7a e7 cf a9 0c 5d 7b 5f 3f 32 61 | unwrapped: 63 4f 8a 85 be 32 c3 00 34 da ec f5 e8 03 10 8e | unwrapped: 96 55 5c dd d9 0a b5 24 24 d1 f0 97 13 49 b8 02 | unwrapped: 5a ee a7 30 fb 87 05 c7 96 df 59 03 89 8f c6 dc | unwrapped: 4b 70 4e 50 87 54 f3 9c e7 a2 11 2d 62 58 67 e6 | unwrapped: 5f 2c 17 1c 27 c3 48 ec f8 09 07 ad f8 27 24 8d | unwrapped: ae d3 e5 c8 3f f4 36 62 52 fc 1a 6d e0 fe 60 c8 | unwrapped: 79 c0 f5 be e0 5b 11 1c a1 c3 3b d6 f8 ee cb d1 | unwrapped: b9 db 3c 54 d3 d3 94 41 88 fe 03 88 5a 67 9c 81 | unwrapped: e2 0b 63 24 67 d8 5d 9d 87 6b 6a 51 07 a4 3e 8e | unwrapped: f5 cb a2 9f 35 8c 5b 64 75 eb 1c 36 85 fb 4c 8e | unwrapped: fa 26 0f dc 37 86 bb 77 ac b4 2d 3a ad 3f 35 c0 | unwrapped: 23 84 12 61 a7 97 4b c5 02 43 2b f9 40 b9 d4 23 | unwrapped: 75 80 5a b6 ef 74 f1 57 98 b8 12 bb 43 b9 9a fe | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0690 | result: final-key@0x55f33d545910 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x55f33d545910 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0678 | result: final-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55f33d545910 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha2_512 final-key@0x55f33d548d40 (size 64) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0600 | result: data=Ni-key@0x55f33d53e7c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x55f33d53e7c0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b05e8 | result: data=Ni-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x55f33d53e7c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d545910 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f052f7b05f0 | result: data+=Nr-key@0x55f33d53e7c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d545910 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d53e7c0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f052f7b05f0 | result: data+=SPIi-key@0x55f33d545910 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d53e7c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d545910 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f052f7b05f0 | result: data+=SPIr-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x55f33d545910 | prf+0 PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+0: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0518 | result: clone-key@0x55f33d545910 (64-bytes, SHA512_HMAC) | prf+0 prf: created sha2_512 context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+0 prf: begin sha2_512 with context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+0: release clone-key@0x55f33d545910 | prf+0 PRF sha2_512 crypt-prf@0x7f051c001f40 | prf+0 PRF sha2_512 update seed-key@0x55f33d53e7c0 (size 80) | prf+0: seed-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55f33d53e7c0 | nss hmac digest hack: symkey-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)796590432: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d 4e fffffff8 12 52 21 fffffffd ffffffc3 fffffff5 fffffffd 2c ffffffb3 ffffffb6 3b ffffffec 47 ffffffe5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 80 bytes at 0x7f051c0069e0 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | unwrapped: 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | prf+0 PRF sha2_512 update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0520 | result: final-key@0x55f33d54c360 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x55f33d54c360 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0508 | result: final-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55f33d54c360 | prf+0 PRF sha2_512 final-key@0x55f33d545910 (size 64) | prf+0: key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x55f33d545910 | prf+N PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+N: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0518 | result: clone-key@0x55f33d54c360 (64-bytes, SHA512_HMAC) | prf+N prf: created sha2_512 context 0x7f051c002a70 from key-key@0x55f33d54c360 | prf+N prf: begin sha2_512 with context 0x7f051c002a70 from key-key@0x55f33d54c360 | prf+N: release clone-key@0x55f33d54c360 | prf+N PRF sha2_512 crypt-prf@0x7f051c0016b0 | prf+N PRF sha2_512 update old_t-key@0x55f33d545910 (size 64) | prf+N: old_t-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55f33d545910 | nss hmac digest hack: symkey-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)796590432: 0a 14 03 01 4f 02 56 31 fffffff2 ffffff9f ffffffc0 12 ffffffb6 00 ffffffd2 6c ffffffec ffffffe0 18 ffffff8c 17 ffffffd7 ffffff9d ffffffcc ffffffc5 ffffff98 ffffffde ffffffdf 00 fffffff3 5f 4a 55 7b 1c ffffff80 60 ffffffe9 fffffffa fffffff0 5f 54 79 ffffffda 0f 08 ffffffe4 ffffffb0 ffffff93 ffffff97 ffffffc4 ffffffec 12 ffffffe0 ffffff9b 45 11 fffffff2 59 ffffff95 ffffffcd 20 ffffffea 1b | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x7f051c0085a0 | unwrapped: 83 0c ed 61 19 08 a4 d7 f7 5a f0 71 5d a4 67 a2 | unwrapped: e6 24 4b 85 d0 c0 80 80 7e 5c f7 10 4c 36 83 a4 | unwrapped: 1b d1 d5 9b b8 f9 e4 70 e7 e8 1c cd 29 dd dd 2b | unwrapped: 11 dd 78 df 90 9f 36 f5 11 4c f1 eb ba d4 cc 99 | prf+N PRF sha2_512 update seed-key@0x55f33d53e7c0 (size 80) | prf+N: seed-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55f33d53e7c0 | nss hmac digest hack: symkey-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)796590432: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d 4e fffffff8 12 52 21 fffffffd ffffffc3 fffffff5 fffffffd 2c ffffffb3 ffffffb6 3b ffffffec 47 ffffffe5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 80 bytes at 0x7f051c006980 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | unwrapped: 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | prf+N PRF sha2_512 update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0520 | result: final-key@0x55f33d540040 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x55f33d540040 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0508 | result: final-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55f33d540040 | prf+N PRF sha2_512 final-key@0x55f33d54c360 (size 64) | prf+N: key-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f052f7b0598 | result: result-key@0x55f33d540040 (128-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55f33d545910 | prfplus: release old_t[N]-key@0x55f33d545910 | prf+N PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+N: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0518 | result: clone-key@0x55f33d545910 (64-bytes, SHA512_HMAC) | prf+N prf: created sha2_512 context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+N prf: begin sha2_512 with context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+N: release clone-key@0x55f33d545910 | prf+N PRF sha2_512 crypt-prf@0x7f051c001f40 | prf+N PRF sha2_512 update old_t-key@0x55f33d54c360 (size 64) | prf+N: old_t-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55f33d54c360 | nss hmac digest hack: symkey-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)796590432: 38 43 38 ffffff99 4f ffffffe5 14 ffffff80 ffffff96 ffffffa3 73 7d 52 fffffffc 76 fffffff0 fffffff6 01 ffffff8f ffffffd8 ffffffbc fffffff7 46 4d 21 ffffffe2 ffffffd7 64 01 ffffffc7 1d 5f fffffff8 ffffffac ffffffed ffffffcb ffffff96 ffffffc5 ffffffcf ffffffab 59 42 ffffffaa 13 63 38 ffffff88 ffffffbb 79 3b fffffffe 2f 4b ffffffad 28 ffffffea 2e ffffffb2 48 ffffffbf ffffff91 ffffff96 27 57 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x7f051c005070 | unwrapped: 27 18 a3 39 e2 97 ec 3d aa 08 71 fb 4a d6 d1 64 | unwrapped: fa 61 7a 46 da f6 7b 72 c9 18 ba 89 c2 0d 07 bf | unwrapped: 86 57 ba 96 5b c6 d4 50 ce 87 e9 77 14 d5 61 5e | unwrapped: 24 ff 07 26 ad 1e 95 06 7d 83 fd 5e 2d 03 81 27 | prf+N PRF sha2_512 update seed-key@0x55f33d53e7c0 (size 80) | prf+N: seed-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55f33d53e7c0 | nss hmac digest hack: symkey-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)796590432: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d 4e fffffff8 12 52 21 fffffffd ffffffc3 fffffff5 fffffffd 2c ffffffb3 ffffffb6 3b ffffffec 47 ffffffe5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 80 bytes at 0x7f051c006920 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | unwrapped: 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | prf+N PRF sha2_512 update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0520 | result: final-key@0x7f051c008af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c008af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0508 | result: final-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f051c008af0 | prf+N PRF sha2_512 final-key@0x55f33d545910 (size 64) | prf+N: key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d540040 (128-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f052f7b0598 | result: result-key@0x7f051c008af0 (192-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55f33d540040 | prfplus: release old_t[N]-key@0x55f33d54c360 | prf+N PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+N: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0518 | result: clone-key@0x55f33d54c360 (64-bytes, SHA512_HMAC) | prf+N prf: created sha2_512 context 0x7f051c002a70 from key-key@0x55f33d54c360 | prf+N prf: begin sha2_512 with context 0x7f051c002a70 from key-key@0x55f33d54c360 | prf+N: release clone-key@0x55f33d54c360 | prf+N PRF sha2_512 crypt-prf@0x7f051c0016b0 | prf+N PRF sha2_512 update old_t-key@0x55f33d545910 (size 64) | prf+N: old_t-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55f33d545910 | nss hmac digest hack: symkey-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)796590432: ffffff9b fffffff6 ffffffc0 63 ffffff8f 61 ffffffca 5b ffffffa8 1b ffffffca ffffffa3 fffffff9 fffffff6 ffffffdc 09 fffffffb ffffffdb 5e 44 10 05 69 ffffffe9 49 76 6e 66 77 0b ffffffd0 ffffffdc 71 ffffffb3 31 ffffffe5 4f ffffffe7 37 ffffffe4 6c 0a 7e 67 64 ffffffa7 5b ffffffa5 5a ffffff8a 56 ffffffe3 68 49 63 54 09 ffffff93 4d 06 ffffffd0 fffffffd ffffffdc ffffffb5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x7f051c006a40 | unwrapped: 7b ee d6 26 9d 64 dd fb 6e 49 1a 18 f7 4a 43 8c | unwrapped: 98 10 73 67 97 8d 7f 99 43 b9 95 51 9f bc 3f 08 | unwrapped: d6 52 0b 90 28 5b 35 2b d6 9d 2f 7e 32 a4 08 3f | unwrapped: b3 f1 1e 02 25 70 16 ce 5c 9a 77 2e 6c 77 a7 dd | prf+N PRF sha2_512 update seed-key@0x55f33d53e7c0 (size 80) | prf+N: seed-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55f33d53e7c0 | nss hmac digest hack: symkey-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)796590432: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d 4e fffffff8 12 52 21 fffffffd ffffffc3 fffffff5 fffffffd 2c ffffffb3 ffffffb6 3b ffffffec 47 ffffffe5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 80 bytes at 0x7f051c005220 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | unwrapped: 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | prf+N PRF sha2_512 update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0520 | result: final-key@0x55f33d540040 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x55f33d540040 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0508 | result: final-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55f33d540040 | prf+N PRF sha2_512 final-key@0x55f33d54c360 (size 64) | prf+N: key-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f051c008af0 (192-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f052f7b0598 | result: result-key@0x55f33d540040 (256-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f051c008af0 | prfplus: release old_t[N]-key@0x55f33d545910 | prf+N PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+N: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0518 | result: clone-key@0x55f33d545910 (64-bytes, SHA512_HMAC) | prf+N prf: created sha2_512 context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+N prf: begin sha2_512 with context 0x7f051c002a70 from key-key@0x55f33d545910 | prf+N: release clone-key@0x55f33d545910 | prf+N PRF sha2_512 crypt-prf@0x7f051c001f40 | prf+N PRF sha2_512 update old_t-key@0x55f33d54c360 (size 64) | prf+N: old_t-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x55f33d54c360 | nss hmac digest hack: symkey-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)796590432: 58 0c ffffffec ffffffbd ffffffca 64 52 fffffff7 42 ffffffa9 ffffffbe 66 ffffffcf ffffffb4 ffffff88 33 ffffffd3 ffffffba ffffffad ffffffe6 ffffffb2 ffffffa7 35 77 50 1c ffffffe1 ffffffc5 3f ffffffc3 39 47 34 34 2d 29 0a ffffff97 ffffff8b ffffffc2 1c 17 ffffffe2 79 24 7b ffffffa2 58 fffffff4 ffffff87 62 ffffff96 49 ffffffd5 32 3c 2e ffffffba 0a 1b 15 22 ffffff84 ffffffba | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x7f051c004f50 | unwrapped: dd 5f 4c c4 ff 8c 2a 2f 25 54 80 6f 99 ad 48 a8 | unwrapped: be d4 1b ab 78 6e 08 45 e1 83 3f 82 c3 32 2f 1b | unwrapped: 38 a6 e9 8a 08 9c 37 2d 3f 2b 3c 72 eb 7c b7 b2 | unwrapped: 2d 1b 53 ea 61 7d 96 97 4b 82 62 08 a7 bd 7b 70 | prf+N PRF sha2_512 update seed-key@0x55f33d53e7c0 (size 80) | prf+N: seed-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x55f33d53e7c0 | nss hmac digest hack: symkey-key@0x55f33d53e7c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)796590432: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d 4e fffffff8 12 52 21 fffffffd ffffffc3 fffffff5 fffffffd 2c ffffffb3 ffffffb6 3b ffffffec 47 ffffffe5 | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 80 bytes at 0x7f051c0069e0 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | unwrapped: 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | prf+N PRF sha2_512 update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f052f7b0520 | result: final-key@0x7f051c008af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c008af0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0508 | result: final-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f051c008af0 | prf+N PRF sha2_512 final-key@0x55f33d545910 (size 64) | prf+N: key-key@0x55f33d545910 (64-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d540040 (256-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f052f7b0598 | result: result-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x55f33d540040 | prfplus: release old_t[N]-key@0x55f33d54c360 | prfplus: release old_t[final]-key@0x55f33d545910 | ike_sa_keymat: release data-key@0x55f33d53e7c0 | calc_skeyseed_v2: release skeyseed_k-key@0x55f33d548d40 | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0738 | result: result-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 64, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: SK_ei_k-key@0x55f33d53e7c0 (32-bytes, AES_GCM) | key-offset: 96, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: result-key@0x55f33d545910 (4-bytes, EXTRACT_KEY_FROM_KEY) | initiator salt extracting all 4 bytes of key@0x55f33d545910 | initiator salt: symkey-key@0x55f33d545910 (4-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | initiator salt: new slot-key@0x55f33d542510 (4-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-493681388: ffffffdf 24 66 fffffffb 15 70 20 06 ffffffec 42 6b 6e 23 ffffffcd fffffff6 fffffffc | initiator salt: release slot-key-key@0x55f33d542510 | initiator salt extracted len 16 bytes at 0x7f051c0018a0 | unwrapped: 86 57 ba 96 00 00 00 00 00 00 00 00 00 00 00 00 | calc_skeyseed_v2: release initiator-salt-key-key@0x55f33d545910 | key-offset: 100, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: SK_er_k-key@0x55f33d545910 (32-bytes, AES_GCM) | key-offset: 132, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: result-key@0x55f33d54c360 (4-bytes, EXTRACT_KEY_FROM_KEY) | responder salt extracting all 4 bytes of key@0x55f33d54c360 | responder salt: symkey-key@0x55f33d54c360 (4-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | responder salt: new slot-key@0x55f33d542510 (4-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-493681388: 22 62 ffffffe0 51 ffffff80 3e 54 09 ffffff94 fffffffc 65 ffffffe6 ffffffa8 ffffff99 ffffffd7 5e | responder salt: release slot-key-key@0x55f33d542510 | responder salt extracted len 16 bytes at 0x7f051c006c70 | unwrapped: 9d 64 dd fb 00 00 00 00 00 00 00 00 00 00 00 00 | calc_skeyseed_v2: release responder-salt-key-key@0x55f33d54c360 | key-offset: 136, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: result-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 64 bytes of key@0x55f33d54c360 | chunk_SK_pi: symkey-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-493681388: ffffffef 55 ffffffd2 ffffffd1 ffffffbe ffffffed 70 34 ffffffc2 ffffffb8 ffffffb4 01 77 68 ffffffbb fffffffb ffffffbe ffffff93 ffffffbb 10 ffffff96 ffffffaa 31 0d 78 ffffffe2 ffffff81 38 71 ffffff91 7e 03 09 50 40 1c 67 ffffffa2 0c ffffff95 30 ffffffdf 01 58 39 ffffffeb ffffffda ffffffbf 53 ffffff9d ffffffdf 2b 38 ffffffc7 ffffff82 31 66 ffffff89 ffffffc3 61 04 ffffff92 ffffffe9 3a | chunk_SK_pi: release slot-key-key@0x55f33d542510 | chunk_SK_pi extracted len 64 bytes at 0x7f051c001ef0 | unwrapped: 6e 49 1a 18 f7 4a 43 8c 98 10 73 67 97 8d 7f 99 | unwrapped: 43 b9 95 51 9f bc 3f 08 d6 52 0b 90 28 5b 35 2b | unwrapped: d6 9d 2f 7e 32 a4 08 3f b3 f1 1e 02 25 70 16 ce | unwrapped: 5c 9a 77 2e 6c 77 a7 dd dd 5f 4c c4 ff 8c 2a 2f | key-offset: 200, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c008af0 (320-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f052f7b0748 | result: result-key@0x55f33d540040 (64-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 64 bytes of key@0x55f33d540040 | chunk_SK_pr: symkey-key@0x55f33d540040 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-493681388: ffffffe7 68 ffffff81 fffffff2 ffffffe1 fffffff4 ffffff82 fffffff9 ffffffbe ffffff8a 14 ffffffc2 ffffff96 0d ffffffeb 25 ffffff9a fffffffe 52 fffffffe ffffffe7 34 7a ffffffa9 71 79 ffffff8a 57 ffffff90 ffffffbe 24 4b 0a ffffffe9 ffffff93 50 31 ffffffd6 ffffffde ffffffd0 5b 20 ffffffd9 0d 6b ffffffc2 37 57 0b ffffffb2 ffffffca ffffffeb ffffffc2 11 ffffff98 ffffffda fffffff6 42 31 2e ffffffc1 ffffffd9 36 ffffffa4 | chunk_SK_pr: release slot-key-key@0x55f33d542510 | chunk_SK_pr extracted len 64 bytes at 0x7f051c00c280 | unwrapped: 25 54 80 6f 99 ad 48 a8 be d4 1b ab 78 6e 08 45 | unwrapped: e1 83 3f 82 c3 32 2f 1b 38 a6 e9 8a 08 9c 37 2d | unwrapped: 3f 2b 3c 72 eb 7c b7 b2 2d 1b 53 ea 61 7d 96 97 | unwrapped: 4b 82 62 08 a7 bd 7b 70 e0 16 94 6c 60 df 31 eb | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f051c008af0 | calc_skeyseed_v2 pointers: shared-key@0x55f33d54aa00, SK_d-key@0x55f33d548d40, SK_ai-key@(nil), SK_ar-key@(nil), SK_ei-key@0x55f33d53e7c0, SK_er-key@0x55f33d545910, SK_pi-key@0x55f33d54c360, SK_pr-key@0x55f33d540040 | calc_skeyseed_v2 initiator salt | 86 57 ba 96 | calc_skeyseed_v2 responder salt | 9d 64 dd fb | calc_skeyseed_v2 SK_pi | 6e 49 1a 18 f7 4a 43 8c 98 10 73 67 97 8d 7f 99 | 43 b9 95 51 9f bc 3f 08 d6 52 0b 90 28 5b 35 2b | d6 9d 2f 7e 32 a4 08 3f b3 f1 1e 02 25 70 16 ce | 5c 9a 77 2e 6c 77 a7 dd dd 5f 4c c4 ff 8c 2a 2f | calc_skeyseed_v2 SK_pr | 25 54 80 6f 99 ad 48 a8 be d4 1b ab 78 6e 08 45 | e1 83 3f 82 c3 32 2f 1b 38 a6 e9 8a 08 9c 37 2d | 3f 2b 3c 72 eb 7c b7 b2 2d 1b 53 ea 61 7d 96 97 | 4b 82 62 08 a7 bd 7b 70 e0 16 94 6c 60 df 31 eb | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00187 seconds | (#1) spent 1.86 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 0 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f051c006be0 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 2 | calling continuation function 0x55f33b90c630 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f0524000d60: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #2 at 0x55f33d560300 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55f33d548d40 | duplicate_state: reference st_skey_ai_nss-key@NULL | duplicate_state: reference st_skey_ar_nss-key@NULL | duplicate_state: reference st_skey_ei_nss-key@0x55f33d53e7c0 | duplicate_state: reference st_skey_er_nss-key@0x55f33d545910 | duplicate_state: reference st_skey_pi_nss-key@0x55f33d54c360 | duplicate_state: reference st_skey_pr_nss-key@0x55f33d540040 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f33d55da80 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f33d55da40 | event_schedule: new EVENT_SA_REPLACE-pe@0x55f33d55da40 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f33d55da80 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: AUTHNULL | IDr payload will be sent | hmac PRF sha2_512 init symkey-key@0x55f33d54c360 (size 64) | hmac: symkey-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d54c360 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e4a8 | result: clone-key@0x7f051c008af0 (64-bytes, SHA512_HMAC) | hmac prf: created sha2_512 context 0x55f33d541a70 from symkey-key@0x7f051c008af0 | hmac prf: begin sha2_512 with context 0x55f33d541a70 from symkey-key@0x7f051c008af0 | hmac: release clone-key@0x7f051c008af0 | hmac PRF sha2_512 crypt-prf@0x55f33d55dbb0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_NULL (0xd) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 0 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity | emitting length of IKEv2 Identification - Initiator - Payload: 8 | idhash calc I2 0d 00 00 00 | hmac PRF sha2_512 update data-bytes@0x55f33ba0b96c (length 4) | 0d 00 00 00 | hmac PRF sha2_512 final-bytes@0x7ffc7be5ea40 (length 64) | 0d 3a a5 1d e9 8a e7 84 51 51 5d e0 dc 74 0b ea | 4f 7a 2e 6e 71 4a b2 ca 41 b5 d3 e3 b1 72 5f 39 | 0d 49 e5 4d 72 49 1a fa 0e 27 88 04 0b 01 0b 5e | 8e 08 a1 8d 7c 50 e6 3c 36 40 18 71 0d 47 f2 25 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_NULL (0xd) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 0 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr | emitting length of IKEv2 Identification - Responder - Payload: 8 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_NULL (0xd) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=null | inputs to hash1 (first packet) | 9c 9c 71 64 08 64 28 f9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 53 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 2b a9 68 b0 bb cb 3c b0 | 3e f1 8e 2e ea 4e c8 d2 f9 fa f8 6c 03 03 34 81 | 55 c9 2e 0b 62 fb 8d 4e 53 65 69 a0 33 aa 85 ad | 5b 9b 3e 6e 65 51 d8 e1 9a 28 cf 3d 62 f7 b4 d6 | 13 ef 8c ed ab 2e 31 b8 48 68 dd 5a 3d 92 b3 5a | ee ee 66 f0 ca 4b a9 4e 20 e5 ef 50 cd 2a 12 fa | c7 55 fb fa f9 63 27 09 b8 99 46 be 60 78 8d a1 | fd f3 bc 78 43 d7 a3 3f 53 a8 a3 fb f6 2a 80 6d | 24 79 35 fd 12 ca 26 ba df f5 86 a1 ac b3 55 82 | 44 e5 4a 62 30 42 26 54 8d dd 93 c7 c4 99 f3 ba | 6e 9a 23 55 7b 62 c4 03 db f1 b7 ab d3 c8 ea 6a | d3 34 7d b6 55 ee 50 f6 d5 db 4c cc 4a b7 f8 e7 | 81 c3 75 6d f9 74 78 d0 27 ea 84 98 42 82 4f 05 | 30 94 3b 4c a4 ad 6e c0 0b a8 07 f4 4c 14 8e c3 | 50 2b e4 eb 56 62 23 bf 02 aa 86 3b 17 dc dc 12 | b4 3b f0 bc 13 40 6e 7f 8c 12 ee 5a 5d 7d 43 f4 | 12 56 9a b7 6d 83 a7 7e 29 00 00 24 84 06 e0 c1 | 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 02 8a 1c a7 | 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 6d bd 65 fa | 59 d3 19 be ea a1 9c 6d 50 30 40 84 dd 9b c8 29 | 2b 00 00 1c 00 00 40 05 38 c4 00 cd c3 7a fb fb | a9 31 55 97 64 a0 3d 5f d5 84 76 3a 00 00 00 17 | 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | 73 65 63 | create: initiator inputs to hash2 (responder nonce) | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | idhash 0d 3a a5 1d e9 8a e7 84 51 51 5d e0 dc 74 0b ea | idhash 4f 7a 2e 6e 71 4a b2 ca 41 b5 d3 e3 b1 72 5f 39 | idhash 0d 49 e5 4d 72 49 1a fa 0e 27 88 04 0b 01 0b 5e | idhash 8e 08 a1 8d 7c 50 e6 3c 36 40 18 71 0d 47 f2 25 | = prf(,"Key Pad for IKEv2") PRF sha2_512 init shared secret-chunk@0x7f051c001ef0 (length 64) | 6e 49 1a 18 f7 4a 43 8c 98 10 73 67 97 8d 7f 99 | 43 b9 95 51 9f bc 3f 08 d6 52 0b 90 28 5b 35 2b | d6 9d 2f 7e 32 a4 08 3f b3 f1 1e 02 25 70 16 ce | 5c 9a 77 2e 6c 77 a7 dd dd 5f 4c c4 ff 8c 2a 2f | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e2a0 | result: shared secret-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e288 | result: shared secret-key@0x7f051c008af0 (64-bytes, SHA512_HMAC) | shared secret: release tmp-key@0x7f0524006900 | = prf(,"Key Pad for IKEv2") prf: created sha2_512 context 0x55f33d541a70 from shared secret-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2") prf: begin sha2_512 with context 0x55f33d541a70 from shared secret-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2") PRF sha2_512 crypt-prf@0x55f33d55db70 | = prf(,"Key Pad for IKEv2") PRF sha2_512 update Key Pad for IKEv2-bytes@0x55f33b99fbb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e2c0 | result: final-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e2a8 | result: final-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f0524006900 | = prf(,"Key Pad for IKEv2") PRF sha2_512 final-key@0x7f051c008af0 (size 64) | = prf(,"Key Pad for IKEv2"): key-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha2_512 init -key@0x7f051c008af0 (size 64) | = prf(, ): -key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e2b8 | result: clone-key@0x7f0524006900 (64-bytes, SHA512_HMAC) | = prf(, ) prf: created sha2_512 context 0x55f33d541a70 from -key@0x7f0524006900 | = prf(, ) prf: begin sha2_512 with context 0x55f33d541a70 from -key@0x7f0524006900 | = prf(, ): release clone-key@0x7f0524006900 | = prf(, ) PRF sha2_512 crypt-prf@0x55f33d55dbb0 | = prf(, ) PRF sha2_512 update first-packet-bytes@0x55f33d55dcb0 (length 851) | 9c 9c 71 64 08 64 28 f9 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 53 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 2b a9 68 b0 bb cb 3c b0 | 3e f1 8e 2e ea 4e c8 d2 f9 fa f8 6c 03 03 34 81 | 55 c9 2e 0b 62 fb 8d 4e 53 65 69 a0 33 aa 85 ad | 5b 9b 3e 6e 65 51 d8 e1 9a 28 cf 3d 62 f7 b4 d6 | 13 ef 8c ed ab 2e 31 b8 48 68 dd 5a 3d 92 b3 5a | ee ee 66 f0 ca 4b a9 4e 20 e5 ef 50 cd 2a 12 fa | c7 55 fb fa f9 63 27 09 b8 99 46 be 60 78 8d a1 | fd f3 bc 78 43 d7 a3 3f 53 a8 a3 fb f6 2a 80 6d | 24 79 35 fd 12 ca 26 ba df f5 86 a1 ac b3 55 82 | 44 e5 4a 62 30 42 26 54 8d dd 93 c7 c4 99 f3 ba | 6e 9a 23 55 7b 62 c4 03 db f1 b7 ab d3 c8 ea 6a | d3 34 7d b6 55 ee 50 f6 d5 db 4c cc 4a b7 f8 e7 | 81 c3 75 6d f9 74 78 d0 27 ea 84 98 42 82 4f 05 | 30 94 3b 4c a4 ad 6e c0 0b a8 07 f4 4c 14 8e c3 | 50 2b e4 eb 56 62 23 bf 02 aa 86 3b 17 dc dc 12 | b4 3b f0 bc 13 40 6e 7f 8c 12 ee 5a 5d 7d 43 f4 | 12 56 9a b7 6d 83 a7 7e 29 00 00 24 84 06 e0 c1 | 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 02 8a 1c a7 | 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 6d bd 65 fa | 59 d3 19 be ea a1 9c 6d 50 30 40 84 dd 9b c8 29 | 2b 00 00 1c 00 00 40 05 38 c4 00 cd c3 7a fb fb | a9 31 55 97 64 a0 3d 5f d5 84 76 3a 00 00 00 17 | 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | 73 65 63 | = prf(, ) PRF sha2_512 update nonce-bytes@0x55f33d55b360 (length 32) | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | = prf(, ) PRF sha2_512 update hash-bytes@0x7ffc7be5ea40 (length 64) | 0d 3a a5 1d e9 8a e7 84 51 51 5d e0 dc 74 0b ea | 4f 7a 2e 6e 71 4a b2 ca 41 b5 d3 e3 b1 72 5f 39 | 0d 49 e5 4d 72 49 1a fa 0e 27 88 04 0b 01 0b 5e | 8e 08 a1 8d 7c 50 e6 3c 36 40 18 71 0d 47 f2 25 | = prf(, ) PRF sha2_512 final-chunk@0x55f33d559c10 (length 64) | 31 c4 af 63 7d ae bc 4d 2b 11 3b 75 3f 71 27 e6 | 7a 65 24 47 42 a2 a6 c2 84 c9 57 08 9d 2d 59 8f | 3b f6 11 07 d6 d5 e7 b2 32 28 26 29 7c 2b 30 20 | f8 98 0a 24 95 ab 05 fd 9f a9 68 2f 86 4b ea 19 | psk_auth: release prf-psk-key@0x7f051c008af0 | PSK auth octets 31 c4 af 63 7d ae bc 4d 2b 11 3b 75 3f 71 27 e6 | PSK auth octets 7a 65 24 47 42 a2 a6 c2 84 c9 57 08 9d 2d 59 8f | PSK auth octets 3b f6 11 07 d6 d5 e7 b2 32 28 26 29 7c 2b 30 20 | PSK auth octets f8 98 0a 24 95 ab 05 fd 9f a9 68 2f 86 4b ea 19 | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 31 c4 af 63 7d ae bc 4d 2b 11 3b 75 3f 71 27 e6 | PSK auth 7a 65 24 47 42 a2 a6 c2 84 c9 57 08 9d 2d 59 8f | PSK auth 3b f6 11 07 d6 d5 e7 b2 32 28 26 29 7c 2b 30 20 | PSK auth f8 98 0a 24 95 ab 05 fd 9f a9 68 2f 86 4b ea 19 | emitting length of IKEv2 Authentication Payload: 72 | getting first pending from state #1 | netlink_get_spi: allocated 0xef0fa8d8 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ef 0f a8 d8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ef 0f a8 d8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | discarding INTEG=NONE | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 32 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ef 0f a8 d8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 4 (0x4) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi ef 0f a8 d8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 164 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 329 | emitting length of ISAKMP Message: 357 | Salt before authenticated encryption: | 86 57 ba 96 | IV before authenticated encryption: | 7e 89 09 55 dd e8 22 db | AAD before authenticated encryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 23 08 00 00 00 01 00 00 01 65 23 00 01 49 | data before authenticated encryption: | 24 00 00 08 0d 00 00 00 27 00 00 08 0d 00 00 00 | 21 00 00 48 0d 00 00 00 31 c4 af 63 7d ae bc 4d | 2b 11 3b 75 3f 71 27 e6 7a 65 24 47 42 a2 a6 c2 | 84 c9 57 08 9d 2d 59 8f 3b f6 11 07 d6 d5 e7 b2 | 32 28 26 29 7c 2b 30 20 f8 98 0a 24 95 ab 05 fd | 9f a9 68 2f 86 4b ea 19 2c 00 00 a4 02 00 00 20 | 01 03 04 02 ef 0f a8 d8 03 00 00 0c 01 00 00 14 | 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 20 | 02 03 04 02 ef 0f a8 d8 03 00 00 0c 01 00 00 14 | 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 30 | 03 03 04 04 ef 0f a8 d8 03 00 00 0c 01 00 00 0c | 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 | 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 | 04 03 04 04 ef 0f a8 d8 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 | 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 | integ before authenticated encryption: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | data after authenticated encryption: | 07 a4 41 c0 57 c5 97 f4 4c eb 7f ac 51 35 31 81 | 79 cd 6f f3 5a de 19 90 c9 20 8e f3 cb e2 75 06 | 7b 29 52 ff 7c d1 06 43 98 03 88 af d0 57 44 19 | a5 0e 4d b6 a5 c9 78 35 3e d0 3b e8 ba a1 b9 22 | 05 a4 0c 06 a7 2e a5 08 dc bc 9a 7a b9 89 0b 02 | 6a 85 cf f6 ec 54 23 25 db d0 23 58 31 6e 8f cd | ec ac 02 c3 f5 c9 39 55 e3 14 6c fd 34 f2 f5 0c | 6b 65 46 43 44 94 ba 88 f8 b0 48 bb 10 d2 a0 8a | 2b 8e 67 cd d2 ab d2 12 0a 85 81 c4 ba 94 bf 96 | 36 1b c2 90 7f 6f d1 a2 bc b8 7d d7 d2 f5 2c e5 | 67 4d ff ba c4 15 4a 6b 26 40 09 85 0c 39 20 9c | ab 14 62 3c f6 ff 47 a8 c9 03 95 97 ff df e5 c3 | 15 2e b5 7b 93 8f 21 d5 7a e1 ef 9e c0 02 83 2b | bd 0f b0 ac fd cc cb b2 e1 9d 6b 85 a4 9d 64 c0 | af c3 1c b5 68 39 43 9b 1b 27 dc 37 14 e2 c8 f1 | a5 1f 88 01 f9 4f 7d 0b 59 4a 69 9e 4f 33 67 2a | b2 16 3e 6d 50 fa 37 64 10 9b f4 b9 fa e9 d0 bf | a1 aa 5f 62 9a 42 bd 1f 11 25 ad 16 1c 94 1e 39 | 52 e5 27 e9 28 82 f2 eb 2e e1 23 4f 2e | integ after authenticated encryption: | db d9 f0 ef a9 fd 72 5e 77 61 00 02 2d 9d 68 d1 | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 357 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 23 08 00 00 00 01 00 00 01 65 23 00 01 49 | 7e 89 09 55 dd e8 22 db 07 a4 41 c0 57 c5 97 f4 | 4c eb 7f ac 51 35 31 81 79 cd 6f f3 5a de 19 90 | c9 20 8e f3 cb e2 75 06 7b 29 52 ff 7c d1 06 43 | 98 03 88 af d0 57 44 19 a5 0e 4d b6 a5 c9 78 35 | 3e d0 3b e8 ba a1 b9 22 05 a4 0c 06 a7 2e a5 08 | dc bc 9a 7a b9 89 0b 02 6a 85 cf f6 ec 54 23 25 | db d0 23 58 31 6e 8f cd ec ac 02 c3 f5 c9 39 55 | e3 14 6c fd 34 f2 f5 0c 6b 65 46 43 44 94 ba 88 | f8 b0 48 bb 10 d2 a0 8a 2b 8e 67 cd d2 ab d2 12 | 0a 85 81 c4 ba 94 bf 96 36 1b c2 90 7f 6f d1 a2 | bc b8 7d d7 d2 f5 2c e5 67 4d ff ba c4 15 4a 6b | 26 40 09 85 0c 39 20 9c ab 14 62 3c f6 ff 47 a8 | c9 03 95 97 ff df e5 c3 15 2e b5 7b 93 8f 21 d5 | 7a e1 ef 9e c0 02 83 2b bd 0f b0 ac fd cc cb b2 | e1 9d 6b 85 a4 9d 64 c0 af c3 1c b5 68 39 43 9b | 1b 27 dc 37 14 e2 c8 f1 a5 1f 88 01 f9 4f 7d 0b | 59 4a 69 9e 4f 33 67 2a b2 16 3e 6d 50 fa 37 64 | 10 9b f4 b9 fa e9 d0 bf a1 aa 5f 62 9a 42 bd 1f | 11 25 ad 16 1c 94 1e 39 52 e5 27 e9 28 82 f2 eb | 2e e1 23 4f 2e db d9 f0 ef a9 fd 72 5e 77 61 00 | 02 2d 9d 68 d1 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0524002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f33d561ee0 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49581.867271 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 1.08 milliseconds in resume sending helper answer | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f051c006be0 | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 221 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 23 20 00 00 00 01 00 00 00 dd 24 00 00 c1 | b1 55 40 52 b5 af d2 63 75 41 a7 d7 09 b3 52 8b | 44 8e e3 18 4d 05 f1 a8 89 d2 2f 24 ae b9 52 92 | c4 20 ca 68 51 77 fc 51 5b 45 6a 6b 62 b2 8a b6 | 36 6e b1 34 aa 7d b2 c8 ca e2 58 17 ed de 5c f7 | e0 19 ad 99 ed 51 2b 3c 63 1a 55 f9 6f 8a 99 1c | 73 52 e9 a0 02 34 3a c2 90 77 1f c6 90 31 ad d9 | 75 1d 47 91 9e 59 e8 44 4b 58 5a bf df fa 0d b2 | 21 68 0b 50 25 15 06 14 41 f3 c4 5b 82 24 01 4e | a3 68 5b 50 35 75 26 9d 78 f0 5b b3 96 30 36 c1 | e7 96 e7 60 06 4a da a1 57 28 ed a9 90 b7 59 92 | cc bb 44 82 77 33 d7 d8 24 e3 fb c5 34 ba 69 15 | c8 a9 bd 6a 79 67 ac 27 f4 ef 38 b0 e4 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 221 (0xdd) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 193 (0xc1) | processing payload: ISAKMP_NEXT_v2SK (len=189) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | Salt before authenticated decryption: | 9d 64 dd fb | IV before authenticated decryption: | b1 55 40 52 b5 af d2 63 | AAD before authenticated decryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 23 20 00 00 00 01 00 00 00 dd 24 00 00 c1 | data before authenticated decryption: | 75 41 a7 d7 09 b3 52 8b 44 8e e3 18 4d 05 f1 a8 | 89 d2 2f 24 ae b9 52 92 c4 20 ca 68 51 77 fc 51 | 5b 45 6a 6b 62 b2 8a b6 36 6e b1 34 aa 7d b2 c8 | ca e2 58 17 ed de 5c f7 e0 19 ad 99 ed 51 2b 3c | 63 1a 55 f9 6f 8a 99 1c 73 52 e9 a0 02 34 3a c2 | 90 77 1f c6 90 31 ad d9 75 1d 47 91 9e 59 e8 44 | 4b 58 5a bf df fa 0d b2 21 68 0b 50 25 15 06 14 | 41 f3 c4 5b 82 24 01 4e a3 68 5b 50 35 75 26 9d | 78 f0 5b b3 96 30 36 c1 e7 96 e7 60 06 4a da a1 | 57 28 ed a9 90 b7 59 92 cc bb 44 82 77 33 d7 d8 | 24 e3 fb c5 34 | integ before authenticated decryption: | ba 69 15 c8 a9 bd 6a 79 67 ac 27 f4 ef 38 b0 e4 | data after authenticated decryption: | 27 00 00 08 0d 00 00 00 21 00 00 48 0d 00 00 00 | 65 6c 7c 33 73 19 95 1e e9 13 fd d1 b8 ab 78 52 | c1 f2 6d b2 01 5c 38 99 f9 b9 27 4a b2 66 07 84 | fb a4 cc 9a 7d 07 68 19 98 dc 96 76 a0 67 8b 07 | b7 0a 30 fb 0a 96 aa c4 f8 85 e8 c3 94 d8 fd fc | 2c 00 00 24 00 00 00 20 01 03 04 02 1f 13 6b 97 | 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 ba 69 15 c8 a9 bd 6a 79 67 ac 27 | f4 ef 38 b0 e4 | stripping 1 octets as pad | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 8 (0x8) | ID type: ID_NULL (0xd) | processing payload: ISAKMP_NEXT_v2IDr (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 72 (0x48) | auth method: IKEv2_AUTH_NULL (0xd) | processing payload: ISAKMP_NEXT_v2AUTH (len=64) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2SA (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | ID_NULL: id kind matches | offered CA: '%none' "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_NULL: 'ID_NULL' | hmac PRF sha2_512 init symkey-key@0x55f33d540040 (size 64) | hmac: symkey-key@0x55f33d540040 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d540040 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e408 | result: clone-key@0x7f051c008af0 (64-bytes, SHA512_HMAC) | hmac prf: created sha2_512 context 0x55f33d541a70 from symkey-key@0x7f051c008af0 | hmac prf: begin sha2_512 with context 0x55f33d541a70 from symkey-key@0x7f051c008af0 | hmac: release clone-key@0x7f051c008af0 | hmac PRF sha2_512 crypt-prf@0x55f33d55db70 | idhash auth R2 0d 00 00 00 | hmac PRF sha2_512 update data-bytes@0x55f33d55a76c (length 4) | 0d 00 00 00 | hmac PRF sha2_512 final-bytes@0x7ffc7be5e560 (length 64) | 4f 96 a6 8b 99 0b ae 16 c9 7e 3c d6 32 ab 94 55 | b4 8a 03 21 91 01 04 ff 48 b4 ef 32 42 d8 29 63 | 64 56 d0 fe 8e 13 e0 1a 4a b1 79 73 b1 e0 72 2e | 01 bf c0 a2 74 63 c6 04 a1 ef 7a 1d 6c b3 e1 97 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=null | inputs to hash1 (first packet) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 21 20 22 20 00 00 00 00 00 00 01 c7 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 1b 1b 7c 98 | d7 69 fd 5f 80 5c 2f ac 83 93 0f d1 f4 70 8b 3b | fb 8d 33 16 34 f0 f9 cf ea f3 07 7c 2e ac a1 c5 | f1 29 34 d9 3f 04 98 af 47 57 67 0b 93 a7 99 02 | 15 e3 de 93 43 7c 4f e6 13 cd f8 c5 73 23 95 b7 | 41 08 8a a4 f9 50 d3 7e a5 a0 99 39 36 84 74 34 | 09 8a ca a0 d6 87 df 25 08 ef d8 5d b4 2c b3 a1 | 2c 58 d4 9e a6 93 82 19 b4 b0 0f df 20 bc 02 06 | 05 e5 91 ab c0 72 38 33 b0 83 01 3b af 8e 20 c1 | 91 c1 d9 4f 4e d2 bc ef 43 4d 35 ca 7c ce 2d d9 | 8d 28 76 bd cb a2 b2 23 ca 22 43 35 2c 16 be 1d | b0 86 d1 e9 7f 97 67 57 75 90 9a 32 32 cd c2 2c | be 81 e5 77 9f 66 b5 9c c8 b7 bf a0 d1 ed ca bf | c8 44 30 23 0a cb 75 7b 01 9a cd 2e e0 b0 95 55 | 72 59 f2 78 44 f7 b4 ff 12 cb 1c 2b 82 f4 ad 73 | 06 db 72 c8 f8 d4 b6 3b 9d 14 68 8b ed 68 e3 81 | b8 c0 97 07 03 83 d9 d3 fb a3 ee 63 29 00 00 24 | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 9c d4 ca cd cf 8d 3c fe 3d d3 a7 06 7a 76 bd d7 | 56 e2 dd de 2b 00 00 1c 00 00 40 05 be 21 d9 90 | f9 31 32 e7 a7 0a 1e 7d 12 cc 51 dd 30 fb d8 80 | 00 00 00 17 4f 70 70 6f 72 74 75 6e 69 73 74 69 | 63 20 49 50 73 65 63 | verify: initiator inputs to hash2 (initiator nonce) | 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | idhash 4f 96 a6 8b 99 0b ae 16 c9 7e 3c d6 32 ab 94 55 | idhash b4 8a 03 21 91 01 04 ff 48 b4 ef 32 42 d8 29 63 | idhash 64 56 d0 fe 8e 13 e0 1a 4a b1 79 73 b1 e0 72 2e | idhash 01 bf c0 a2 74 63 c6 04 a1 ef 7a 1d 6c b3 e1 97 | = prf(,"Key Pad for IKEv2") PRF sha2_512 init shared secret-chunk@0x7f051c00c280 (length 64) | 25 54 80 6f 99 ad 48 a8 be d4 1b ab 78 6e 08 45 | e1 83 3f 82 c3 32 2f 1b 38 a6 e9 8a 08 9c 37 2d | 3f 2b 3c 72 eb 7c b7 b2 2d 1b 53 ea 61 7d 96 97 | 4b 82 62 08 a7 bd 7b 70 e0 16 94 6c 60 df 31 eb | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e210 | result: shared secret-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e1f8 | result: shared secret-key@0x7f051c008af0 (64-bytes, SHA512_HMAC) | shared secret: release tmp-key@0x7f0524006900 | = prf(,"Key Pad for IKEv2") prf: created sha2_512 context 0x55f33d541a70 from shared secret-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2") prf: begin sha2_512 with context 0x55f33d541a70 from shared secret-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f051c008af0 | = prf(,"Key Pad for IKEv2") PRF sha2_512 crypt-prf@0x55f33d55b340 | = prf(,"Key Pad for IKEv2") PRF sha2_512 update Key Pad for IKEv2-bytes@0x55f33b99fbb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e230 | result: final-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f0524006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e218 | result: final-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f0524006900 | = prf(,"Key Pad for IKEv2") PRF sha2_512 final-key@0x7f051c008af0 (size 64) | = prf(,"Key Pad for IKEv2"): key-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha2_512 init -key@0x7f051c008af0 (size 64) | = prf(, ): -key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e228 | result: clone-key@0x7f0524006900 (64-bytes, SHA512_HMAC) | = prf(, ) prf: created sha2_512 context 0x55f33d541a70 from -key@0x7f0524006900 | = prf(, ) prf: begin sha2_512 with context 0x55f33d541a70 from -key@0x7f0524006900 | = prf(, ): release clone-key@0x7f0524006900 | = prf(, ) PRF sha2_512 crypt-prf@0x55f33d55db70 | = prf(, ) PRF sha2_512 update first-packet-bytes@0x55f33d55d710 (length 455) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 21 20 22 20 00 00 00 00 00 00 01 c7 22 00 00 28 | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 | 04 00 00 0e 28 00 01 08 00 0e 00 00 1b 1b 7c 98 | d7 69 fd 5f 80 5c 2f ac 83 93 0f d1 f4 70 8b 3b | fb 8d 33 16 34 f0 f9 cf ea f3 07 7c 2e ac a1 c5 | f1 29 34 d9 3f 04 98 af 47 57 67 0b 93 a7 99 02 | 15 e3 de 93 43 7c 4f e6 13 cd f8 c5 73 23 95 b7 | 41 08 8a a4 f9 50 d3 7e a5 a0 99 39 36 84 74 34 | 09 8a ca a0 d6 87 df 25 08 ef d8 5d b4 2c b3 a1 | 2c 58 d4 9e a6 93 82 19 b4 b0 0f df 20 bc 02 06 | 05 e5 91 ab c0 72 38 33 b0 83 01 3b af 8e 20 c1 | 91 c1 d9 4f 4e d2 bc ef 43 4d 35 ca 7c ce 2d d9 | 8d 28 76 bd cb a2 b2 23 ca 22 43 35 2c 16 be 1d | b0 86 d1 e9 7f 97 67 57 75 90 9a 32 32 cd c2 2c | be 81 e5 77 9f 66 b5 9c c8 b7 bf a0 d1 ed ca bf | c8 44 30 23 0a cb 75 7b 01 9a cd 2e e0 b0 95 55 | 72 59 f2 78 44 f7 b4 ff 12 cb 1c 2b 82 f4 ad 73 | 06 db 72 c8 f8 d4 b6 3b 9d 14 68 8b ed 68 e3 81 | b8 c0 97 07 03 83 d9 d3 fb a3 ee 63 29 00 00 24 | 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 | 9c d4 ca cd cf 8d 3c fe 3d d3 a7 06 7a 76 bd d7 | 56 e2 dd de 2b 00 00 1c 00 00 40 05 be 21 d9 90 | f9 31 32 e7 a7 0a 1e 7d 12 cc 51 dd 30 fb d8 80 | 00 00 00 17 4f 70 70 6f 72 74 75 6e 69 73 74 69 | 63 20 49 50 73 65 63 | = prf(, ) PRF sha2_512 update nonce-bytes@0x7f0524002af0 (length 32) | 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | = prf(, ) PRF sha2_512 update hash-bytes@0x7ffc7be5e560 (length 64) | 4f 96 a6 8b 99 0b ae 16 c9 7e 3c d6 32 ab 94 55 | b4 8a 03 21 91 01 04 ff 48 b4 ef 32 42 d8 29 63 | 64 56 d0 fe 8e 13 e0 1a 4a b1 79 73 b1 e0 72 2e | 01 bf c0 a2 74 63 c6 04 a1 ef 7a 1d 6c b3 e1 97 | = prf(, ) PRF sha2_512 final-chunk@0x55f33d559c60 (length 64) | 65 6c 7c 33 73 19 95 1e e9 13 fd d1 b8 ab 78 52 | c1 f2 6d b2 01 5c 38 99 f9 b9 27 4a b2 66 07 84 | fb a4 cc 9a 7d 07 68 19 98 dc 96 76 a0 67 8b 07 | b7 0a 30 fb 0a 96 aa c4 f8 85 e8 c3 94 d8 fd fc | psk_auth: release prf-psk-key@0x7f051c008af0 | Received PSK auth octets | 65 6c 7c 33 73 19 95 1e e9 13 fd d1 b8 ab 78 52 | c1 f2 6d b2 01 5c 38 99 f9 b9 27 4a b2 66 07 84 | fb a4 cc 9a 7d 07 68 19 98 dc 96 76 a0 67 8b 07 | b7 0a 30 fb 0a 96 aa c4 f8 85 e8 c3 94 d8 fd fc | Calculated PSK auth octets | 65 6c 7c 33 73 19 95 1e e9 13 fd d1 b8 ab 78 52 | c1 f2 6d b2 01 5c 38 99 f9 b9 27 4a b2 66 07 84 | fb a4 cc 9a 7d 07 68 19 98 dc 96 76 a0 67 8b 07 | b7 0a 30 fb 0a 96 aa c4 f8 85 e8 c3 94 d8 fd fc "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=null | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55f33d55da80 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55f33d55da40 | event_schedule: new EVENT_SA_REKEY-pe@0x55f33d55da40 | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f33d55da80 size 128 | pstats #1 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH | local proposal 3 type ENCR has 1 transforms | local proposal 3 type PRF has 0 transforms | local proposal 3 type INTEG has 2 transforms | local proposal 3 type DH has 1 transforms | local proposal 3 type ESN has 1 transforms | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 4 type ENCR has 1 transforms | local proposal 4 type PRF has 0 transforms | local proposal 4 type INTEG has 2 transforms | local proposal 4 type DH has 1 transforms | local proposal 4 type ESN has 1 transforms | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 32 (0x20) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 2 (0x2) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 1f 13 6b 97 | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=1f136b97;ENCR=AES_GCM_C_256;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_GCM_C=20, found AES_GCM_16 | integrity ike_alg_lookup_by_id id: NONE=0, found NONE | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e310 | result: data=Ni-key@0x7f0524006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f0524006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e2f8 | result: data=Ni-key@0x7f051c008af0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f0524006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f051c008af0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffc7be5e300 | result: data+=Nr-key@0x7f0524006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f051c008af0 | prf+0 PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+0: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e228 | result: clone-key@0x7f051c008af0 (64-bytes, SHA512_HMAC) | prf+0 prf: created sha2_512 context 0x55f33d541a70 from key-key@0x7f051c008af0 | prf+0 prf: begin sha2_512 with context 0x55f33d541a70 from key-key@0x7f051c008af0 | prf+0: release clone-key@0x7f051c008af0 | prf+0 PRF sha2_512 crypt-prf@0x55f33d55b340 | prf+0 PRF sha2_512 update seed-key@0x7f0524006900 (size 64) | prf+0: seed-key@0x7f0524006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f0524006900 | nss hmac digest hack: symkey-key@0x7f0524006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)2078662256: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x55f33d55ff00 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | prf+0 PRF sha2_512 update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e230 | result: final-key@0x7f051c006be0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x7f051c006be0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e218 | result: final-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f051c006be0 | prf+0 PRF sha2_512 final-key@0x7f051c008af0 (size 64) | prf+0: key-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f051c008af0 | prf+N PRF sha2_512 init key-key@0x55f33d548d40 (size 64) | prf+N: key-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA512_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x55f33d548d40 (64-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e228 | result: clone-key@0x7f051c006be0 (64-bytes, SHA512_HMAC) | prf+N prf: created sha2_512 context 0x55f33d541a70 from key-key@0x7f051c006be0 | prf+N prf: begin sha2_512 with context 0x55f33d541a70 from key-key@0x7f051c006be0 | prf+N: release clone-key@0x7f051c006be0 | prf+N PRF sha2_512 crypt-prf@0x55f33d55db70 | prf+N PRF sha2_512 update old_t-key@0x7f051c008af0 (size 64) | prf+N: old_t-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f051c008af0 | nss hmac digest hack: symkey-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)2078662256: fffffff5 ffffffb3 ffffffcd 41 6e 17 58 ffffffc8 59 15 48 69 48 75 0f 46 ffffff82 ffffffd5 1e ffffffff 28 ffffffab ffffffb4 ffffffc2 72 0d 62 5c 50 2b 2e 16 39 39 fffffff2 ffffffe0 1d 66 37 ffffffdc 33 72 ffffffba ffffff87 43 1e ffffff8e fffffffc ffffffdd 5d 7c ffffff96 2b ffffffed 5d 3b 3c 6f ffffffc6 ffffff87 31 ffffffe1 ffffff85 ffffffbc | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x55f33d55fbf0 | unwrapped: 66 3a 2b 03 61 43 d7 1c 75 78 63 08 6d cb 60 dc | unwrapped: 7f 9e 9c 09 e6 48 58 8a 56 33 ac 8b 90 94 84 2e | unwrapped: 36 68 ab b3 57 5f 4e 23 68 26 d3 16 5e 30 f2 a0 | unwrapped: 68 0e 18 b0 0a eb 29 f5 1b c5 1b b7 55 c4 80 13 | prf+N PRF sha2_512 update seed-key@0x7f0524006900 (size 64) | prf+N: seed-key@0x7f0524006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f0524006900 | nss hmac digest hack: symkey-key@0x7f0524006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x55f33d542510 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)2078662256: 5d 3f ffffffe9 11 2b ffffffbd 42 15 2f 0f fffffff8 ffffff92 46 ffffff89 ffffffa5 ffffffa9 ffffffcd ffffff98 fffffffd 63 ffffffd3 02 ffffffb7 0e ffffff9c ffffffb8 ffffff84 19 58 51 ffffffd7 72 4c 6a ffffffbf ffffffc0 ffffffde ffffffab 61 6b ffffffef 4b ffffffcc 4d 78 ffffff9a ffffffb9 ffffffa7 ffffffe1 62 70 fffffffa 6f ffffffa1 58 75 6e ffffffb5 ffffffc3 ffffffb5 63 0b ffffffc2 3d | nss hmac digest hack: release slot-key-key@0x55f33d542510 | nss hmac digest hack extracted len 64 bytes at 0x55f33d564c00 | unwrapped: 84 06 e0 c1 6e 54 4e d2 35 a9 2c ec 84 a9 87 56 | unwrapped: 02 8a 1c a7 7c c0 b8 29 5b 05 8c f1 32 ca 02 f9 | unwrapped: 53 a3 dd f4 8e b2 ab 9f 98 50 a1 42 0a bb cf 7c | unwrapped: 1d e6 99 58 89 5c d8 e7 92 0f 86 7b b0 dd 24 43 | prf+N PRF sha2_512 update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffc7be5e230 | result: final-key@0x55f33d560080 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 64-bytes | base: base-key@0x55f33d560080 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e218 | result: final-key@0x7f051c006be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x55f33d560080 | prf+N PRF sha2_512 final-key@0x7f051c006be0 (size 64) | prf+N: key-key@0x7f051c006be0 (64-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f051c008af0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffc7be5e2a8 | result: result-key@0x55f33d560080 (128-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f051c008af0 | prfplus: release old_t[N]-key@0x7f051c008af0 | prfplus: release old_t[final]-key@0x7f051c006be0 | child_sa_keymat: release data-key@0x7f0524006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55f33d560080 (128-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e388 | result: result-key@0x7f0524006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f0524006900 | initiator to responder keys: symkey-key@0x7f0524006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x55f33d542510 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-280850065: fffffff5 ffffffb3 ffffffcd 41 6e 17 58 ffffffc8 59 15 48 69 48 75 0f 46 ffffff82 ffffffd5 1e ffffffff 28 ffffffab ffffffb4 ffffffc2 72 0d 62 5c 50 2b 2e 16 72 54 ffffffe0 ffffffe1 28 7e ffffffde 1e 6f ffffffab 43 3f ffffffea ffffffdf 43 ffffffb5 | initiator to responder keys: release slot-key-key@0x55f33d542510 | initiator to responder keys extracted len 48 bytes at 0x55f33d564e50 | unwrapped: 66 3a 2b 03 61 43 d7 1c 75 78 63 08 6d cb 60 dc | unwrapped: 7f 9e 9c 09 e6 48 58 8a 56 33 ac 8b 90 94 84 2e | unwrapped: 36 68 ab b3 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f0524006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x55f33d560080 (128-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffc7be5e388 | result: result-key@0x7f0524006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f0524006900 | responder to initiator keys:: symkey-key@0x7f0524006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x55f33d4bc080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x55f33d542510 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-280850065: 2c 02 33 ffffffc4 44 20 ffffffa2 78 76 61 ffffffd9 1f ffffff9d ffffffc9 ffffff95 ffffff84 ffffffb7 00 ffffffcf 0b 6e ffffffcc ffffff93 ffffffb6 ffffffb1 25 0e 3d 4a ffffff92 5d 21 ffffffd0 67 ffffffeb 09 ffffffa1 ffffffca fffffffa ffffffe1 3f ffffffe0 ffffff88 fffffff4 ffffffc0 ffffffa6 64 ffffffd0 | responder to initiator keys:: release slot-key-key@0x55f33d542510 | responder to initiator keys: extracted len 48 bytes at 0x55f33d564e90 | unwrapped: 57 5f 4e 23 68 26 d3 16 5e 30 f2 a0 68 0e 18 b0 | unwrapped: 0a eb 29 f5 1b c5 1b b7 55 c4 80 13 86 47 db 14 | unwrapped: 27 e0 50 06 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f0524006900 | ikev2_derive_child_keys: release keymat-key@0x55f33d560080 | #1 spent 1.66 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 | AES_GCM_16 requires 4 salt bytes | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1f136b97@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 | AES_GCM_16 requires 4 salt bytes | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.ef0fa8d8@192.1.2.45 included non-error error | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | ID_NULL: id kind matches | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' | popen cmd is 1068 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: | cmd( 160):2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: | cmd( 400):_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0: | cmd( 480):.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: | cmd( 560):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: | cmd( 640):CY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: | cmd( 960):ED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1f136b97 SPI_OUT=0: | cmd(1040):xef0fa8d8 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | ID_NULL: id kind matches | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO | popen cmd is 1073 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: | cmd( 160):92.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_: | cmd( 240):NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' : | cmd( 400):PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET=': | cmd( 480):192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN: | cmd( 640):_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FR: | cmd( 720):AG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: | cmd( 800):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: | cmd( 880):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: | cmd( 960):FIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1f136b97 SPI_: | cmd(1040):OUT=0xef0fa8d8 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | ID_NULL: id kind matches | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN | popen cmd is 1071 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: | cmd( 160):.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: | cmd( 400):UTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='19: | cmd( 480):2.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_P: | cmd( 560):ROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_P: | cmd( 640):OLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG: | cmd( 720):_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: | cmd( 800):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: | cmd( 880):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: | cmd( 960):GURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1f136b97 SPI_OU: | cmd(1040):T=0xef0fa8d8 ipsec _updown 2>&1: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55f33d55a2e0,sr=0x55f33d55a2e0} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.809 milliseconds in install_ipsec_sa() | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55f33d561ee0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0524002b20 | #2 spent 2.24 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x1f136b97 <0xef0fa8d8 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} | releasing whack for #2 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #1 | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" | removing pending policy for no connection {0x55f33d4b57f0} | close_any(fd@24) (in release_whack() at state.c:654) | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f0524002b20 | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f33d561ee0 size 128 | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 2.6 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.61 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00443 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00286 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00588 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.ef0fa8d8@192.1.2.45 | get_sa_info esp.1f136b97@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.337 milliseconds in whack | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 | 31 f8 84 f3 96 36 fa e6 0a 5f 6d f5 87 b2 9c e6 | 38 97 25 cc 0c 88 64 5d f2 d2 e9 bf a6 83 ee 4a | a0 fd 9c 46 c8 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 69 (0x45) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 41 (0x29) | processing payload: ISAKMP_NEXT_v2SK (len=37) | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #1 in state PARENT_I3: PARENT SA established | Salt before authenticated decryption: | 9d 64 dd fb | IV before authenticated decryption: | 31 f8 84 f3 96 36 fa e6 | AAD before authenticated decryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 | data before authenticated decryption: | 0a 5f 6d f5 87 b2 9c e6 38 97 25 cc 0c | integ before authenticated decryption: | 88 64 5d f2 d2 e9 bf a6 83 ee 4a a0 fd 9c 46 c8 | data after authenticated decryption: | 00 00 00 0c 03 04 00 01 1f 13 6b 97 00 88 64 5d | f2 d2 e9 bf a6 83 ee 4a a0 fd 9c 46 c8 | stripping 1 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode I3: INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor I3: INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 1f 13 6b 97 | delete PROTO_v2_ESP SA(0x1f136b97) | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x1f136b97) "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55f33d561ee0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f0524002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0524002b20 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f33d561ee0 size 128 | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs ef 0f a8 d8 | emitting length of IKEv2 Delete Payload: 12 | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 41 | emitting length of ISAKMP Message: 69 | Salt before authenticated encryption: | 86 57 ba 96 | IV before authenticated encryption: | 25 c6 ba 0e e3 fb e4 b0 | AAD before authenticated encryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 | data before authenticated encryption: | 00 00 00 0c 03 04 00 01 ef 0f a8 d8 00 | integ before authenticated encryption: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | data after authenticated encryption: | 56 2c e3 3f 57 73 d6 13 ef f8 1e 4d 7f | integ after authenticated encryption: | b5 cb 3d 8c ab 1b 54 f0 41 17 35 48 e7 1f 59 0f | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 | 25 c6 ba 0e e3 fb e4 b0 56 2c e3 3f 57 73 d6 13 | ef f8 1e 4d 7f b5 cb 3d 8c ab 1b 54 f0 41 17 35 | 48 e7 1f 59 0f | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 | #1 spent 0.18 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK | Message ID: updating counters for #1 to 0 after switching state | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.37 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.382 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f0524002b20 | handling event EVENT_SA_REPLACE for child state #2 | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #2 for #2 | replacing stale CHILD SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | ID_NULL: id kind matches | ID_NULL: id kind matches | FOR_EACH_STATE_... in find_pending_phase2 | creating state object #3 at 0x55f33d564fe0 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.child started | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x55f33d548d40 | duplicate_state: reference st_skey_ai_nss-key@NULL | duplicate_state: reference st_skey_ar_nss-key@NULL | duplicate_state: reference st_skey_ei_nss-key@0x55f33d53e7c0 | duplicate_state: reference st_skey_er_nss-key@0x55f33d545910 | duplicate_state: reference st_skey_pi_nss-key@0x55f33d54c360 | duplicate_state: reference st_skey_pr_nss-key@0x55f33d540040 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) | create child proposal's DH changed from no-PFS to MODP2048, flushing | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) | converting proposal AES_GCM_16_256-NONE to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED | converting proposal AES_GCM_16_128-NONE to ikev2 ... | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | #3 schedule rekey initiate IPsec SA AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55f33d55d990 | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 | libevent_malloc: new ptr-libevent@0x55f33d560110 size 128 | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55f33d559c60 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f33d55fb40 size 128 | libevent_free: release ptr-libevent@0x55f33d561ee0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0524002b20 | #2 spent 0.161 milliseconds in timer_event_cb() EVENT_SA_REPLACE | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55f33d55d990 | handling event EVENT_v2_INITIATE_CHILD for child state #3 | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0524002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55f33d561ee0 size 128 | libevent_free: release ptr-libevent@0x55f33d560110 | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55f33d55d990 | #3 spent 0.03 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55f33d559c60 | handling event EVENT_SA_EXPIRE for child state #2 | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #2 for #2 | un-established partial CHILD SA timeout (SA expired) | pstats #2 ikev2.child re-failed exchange-timeout | pstats #2 ikev2.child deleted completed | #2 spent 2.4 milliseconds in total | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 5.175s and NOT sending notification | child state #2: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.1f136b97@192.1.2.23 | get_sa_info esp.ef0fa8d8@192.1.2.45 "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) | crypto helper 2 resuming | crypto helper 2 starting work-order 3 for state #3 | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | running updown command "ipsec _updown" for verb down | command executing down-client | ID_NULL: id kind matches | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050935' PLUTO_CONN_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI | popen cmd is 1079 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: | cmd( 160):1.2.45' PLUTO_MY_ID='ID_NULL' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET: | cmd( 240):='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: | cmd( 320):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU: | cmd( 400):TO_PEER_ID='ID_NULL' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050935' PLUT: | cmd( 640):O_CONN_POLICY='AUTHNULL+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+: | cmd( 720):IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv: | cmd( 800):4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: | cmd( 880):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_: | cmd( 960):NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1f136b9: | cmd(1040):7 SPI_OUT=0xef0fa8d8 ipsec _updown 2>&1: | DH secret MODP2048@0x7f0520000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f0520000d60 | NSS: Public DH wire value: | e5 a1 6a 5a 67 42 d5 50 f6 87 32 e0 53 00 83 21 | 0e 11 15 57 e4 82 5a b7 96 bc da 96 86 82 92 03 | 82 75 7f 92 a3 d4 f7 45 de 4c 08 56 9f d3 97 a2 | 54 67 6d e4 08 ab bb 01 43 dc e9 ad 51 ce 2d a1 | ba 8b ff c6 f0 f2 c6 e2 13 97 46 f4 ab 7f fd af | c5 51 6e 3e 5c f2 66 af 04 23 34 0c b7 4b 9a 3d | 5e e6 b1 db d3 de a5 26 64 4a bd d9 4d 62 32 29 | fd 35 72 85 6b 3b da 24 24 12 ed bc a1 0c 12 c8 | 92 96 6e e0 c2 28 1b 54 40 ba 38 b4 e4 34 5b 7b | 6b fb 86 38 90 91 7d 76 4f ae ce ff 41 f8 46 6e | 78 1c 5b e8 9b 2d c5 9f b6 2c dc 31 b1 65 cd bd | 8c 60 6e a5 c5 c0 e7 19 e3 d8 15 68 8b e3 ec d1 | 2b 26 09 94 96 f5 f9 94 f2 2e 8b 2b 19 59 bb b9 | ea 61 e4 54 6d 97 03 8c f7 90 1c e5 0a 9d 03 84 | 4c 26 eb ef 62 35 b7 dc 4b 46 01 30 6e d4 47 a1 | 1e f4 09 74 18 e4 a4 58 82 c0 fa 70 4d da 8b 21 | Generated nonce: 7b 69 bf f6 54 bf bd 19 2d 51 39 6d 55 cb 7e 80 | Generated nonce: 16 f6 c3 a7 ef 30 99 df 3c 90 ef 15 76 26 d0 44 | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000687 seconds | (#3) spent 0.685 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) | crypto helper 2 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f0520006900 size 128 | crypto helper 2 waiting (nothing to do) | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.1f136b97@192.1.2.23 | netlink response for Del SA esp.1f136b97@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.ef0fa8d8@192.1.2.45 | netlink response for Del SA esp.ef0fa8d8@192.1.2.45 included non-error error | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55f33d548d40 | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@0x55f33d53e7c0 | delete_state: release st->st_skey_er_nss-key@0x55f33d545910 | delete_state: release st->st_skey_pi_nss-key@0x55f33d54c360 | delete_state: release st->st_skey_pr_nss-key@0x55f33d540040 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) | can't expire unused IKE SA #1; it has the child #3 | libevent_free: release ptr-libevent@0x55f33d55fb40 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55f33d559c60 | in statetime_stop() and could not find #2 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 | 93 b0 4b 50 49 06 48 85 50 00 04 79 6c 8d 36 15 | 3c c3 3a 8e 35 30 c8 ac c7 7c 67 91 43 62 2c dc | 38 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 1 (0x1) | length: 65 (0x41) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 37 (0x25) | processing payload: ISAKMP_NEXT_v2SK (len=33) | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #1 in state PARENT_I3: PARENT SA established | Salt before authenticated decryption: | 9d 64 dd fb | IV before authenticated decryption: | 93 b0 4b 50 49 06 48 85 | AAD before authenticated decryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 | data before authenticated decryption: | 50 00 04 79 6c 8d 36 15 3c | integ before authenticated decryption: | c3 3a 8e 35 30 c8 ac c7 7c 67 91 43 62 2c dc 38 | data after authenticated decryption: | 00 00 00 08 01 00 00 00 00 c3 3a 8e 35 30 c8 ac | c7 7c 67 91 43 62 2c dc 38 | stripping 1 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode I3: INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor I3: INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 9c 9c 71 64 08 64 28 f9 | responder cookie: | 44 56 6c dd dc 1d 37 58 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 1 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 29 | emitting length of ISAKMP Message: 57 | Salt before authenticated encryption: | 86 57 ba 96 | IV before authenticated encryption: | 7a 79 3c ee 31 55 a4 3d | AAD before authenticated encryption: | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d | data before authenticated encryption: | 00 | integ before authenticated encryption: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | data after authenticated encryption: | ed | integ after authenticated encryption: | ea c3 0d 05 58 ee b3 5a 58 d3 df 27 fb 4b bc 22 | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 9c 9c 71 64 08 64 28 f9 44 56 6c dd dc 1d 37 58 | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d | 7a 79 3c ee 31 55 a4 3d ed ea c3 0d 05 58 ee b3 | 5a 58 d3 df 27 fb 4b bc 22 | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) | pstats #3 ikev2.child deleted other | #3 spent 0.03 milliseconds in total | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.019s and NOT sending notification | child state #3: CHILDSA_DEL(informational) => delete | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f33d561ee0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0524002b20 | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 | State DB: deleting IKEv2 state #3 in CHILDSA_DEL | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55f33d548d40 | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@0x55f33d53e7c0 | delete_state: release st->st_skey_er_nss-key@0x55f33d545910 | delete_state: release st->st_skey_pi_nss-key@0x55f33d54c360 | delete_state: release st->st_skey_pr_nss-key@0x55f33d540040 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | State DB: IKEv2 state not found (delete_my_family) | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #1 ikev2.ike deleted completed | #1 spent 8.59 milliseconds in total | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 5.201s and NOT sending notification | parent state #1: IKESA_DEL(established IKE SA) => delete | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x55f33d55da80 | free_event_entry: release EVENT_SA_REKEY-pe@0x55f33d55da40 | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #1 "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 | State DB: deleting IKEv2 state #1 in IKESA_DEL | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f0524000d60: destroyed | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x55f33d54aa00 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x55f33d548d40 | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@0x55f33d53e7c0 | delete_state: release st->st_skey_er_nss-key@0x55f33d545910 | delete_state: release st->st_skey_pi_nss-key@0x55f33d54c360 | delete_state: release st->st_skey_pr_nss-key@0x55f33d540040 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #1 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.531 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #3 | crypto helper 2 replies to request ID 3 | calling continuation function 0x55f33b90c630 | work-order 3 state #3 crypto result suppressed | DH secret MODP2048@0x7f0520000d60: destroyed | (#3) spent 0.0167 milliseconds in resume sending helper answer | libevent_free: release ptr-libevent@0x7f0520006900 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00459 milliseconds in signal handler PLUTO_SIGCHLD | processing global timer EVENT_REVIVE_CONNS Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x55f33d560300 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 4 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0520002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f0520006900 size 128 | #4 spent 0.0629 milliseconds in ikev2_parent_outI1() | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 resuming | crypto helper 3 starting work-order 4 for state #4 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 4 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.101 milliseconds in global timer EVENT_REVIVE_CONNS | DH secret MODP2048@0x7f0514000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f0514000d60 | NSS: Public DH wire value: | 10 f6 b0 6c 28 81 c0 71 ff 2a 96 f3 bd f1 bd ca | ee 05 ee d4 00 8f a4 04 49 f9 f2 5a 74 95 9d 68 | 4b 34 26 b3 1c 23 4b 25 7d 14 9d 33 71 70 55 82 | 19 8e 02 54 ca e5 d9 11 08 92 67 f1 a7 48 32 0d | e6 24 2d 09 db 5c 32 23 5d a3 38 a9 08 65 63 8f | 36 c8 3b ce 1d ea e8 c6 a4 c3 cb 67 bf 0d 5e 76 | 21 0e 00 c4 67 eb b6 51 54 c1 42 3b 67 e6 87 91 | 05 81 ee 1a e1 92 72 12 67 6b 97 37 4c d1 d8 64 | 8a b0 52 db 13 1a eb 0e a0 a8 78 a7 bf 9b d0 f7 | 2e 4a 0e 34 c5 61 18 31 d6 d6 ba dd a5 8f da f3 | c7 a8 fb 63 00 13 fa 6d 8f 63 30 4e 5e ae 38 b6 | 64 4e 4a dd 91 10 52 35 3e 6f a5 59 93 13 44 c9 | ea 9f 25 b7 76 30 3e 84 7b da 33 7c 74 25 01 b9 | 22 02 8b ca 58 2f cc 6c 87 14 79 0d 30 c0 f6 05 | 80 50 cd 14 90 8d e0 a5 b2 66 5d 6e 76 24 85 7a | 25 df ee 0b 76 ba e0 e2 6c b7 3c 31 46 63 02 9e | Generated nonce: 0f b4 36 08 e4 a3 16 63 2d 3c 3b ed 80 ac e7 47 | Generated nonce: a4 c8 81 5d bd 1e 57 d2 ee f0 e5 1e 36 f9 e1 55 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.00071 seconds | (#4) spent 0.688 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 4 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f0514006900 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x55f33b90c630 | ikev2_parent_outI1_continue for #4 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f0514000d60: transferring ownership from helper KE to state #4 | **emit ISAKMP Message: | initiator cookie: | 4a 77 bb 33 3f 04 e1 cd | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | discarding INTEG=NONE | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 2 (0x2) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 11 (0xb) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_GCM_C (0x14) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding INTEG=NONE | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 100 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_NON_LAST (0x2) | prop #: 3 (0x3) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 4 (0x4) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 13 (0xd) | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 116 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 436 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 10 f6 b0 6c 28 81 c0 71 ff 2a 96 f3 bd f1 bd ca | ikev2 g^x ee 05 ee d4 00 8f a4 04 49 f9 f2 5a 74 95 9d 68 | ikev2 g^x 4b 34 26 b3 1c 23 4b 25 7d 14 9d 33 71 70 55 82 | ikev2 g^x 19 8e 02 54 ca e5 d9 11 08 92 67 f1 a7 48 32 0d | ikev2 g^x e6 24 2d 09 db 5c 32 23 5d a3 38 a9 08 65 63 8f | ikev2 g^x 36 c8 3b ce 1d ea e8 c6 a4 c3 cb 67 bf 0d 5e 76 | ikev2 g^x 21 0e 00 c4 67 eb b6 51 54 c1 42 3b 67 e6 87 91 | ikev2 g^x 05 81 ee 1a e1 92 72 12 67 6b 97 37 4c d1 d8 64 | ikev2 g^x 8a b0 52 db 13 1a eb 0e a0 a8 78 a7 bf 9b d0 f7 | ikev2 g^x 2e 4a 0e 34 c5 61 18 31 d6 d6 ba dd a5 8f da f3 | ikev2 g^x c7 a8 fb 63 00 13 fa 6d 8f 63 30 4e 5e ae 38 b6 | ikev2 g^x 64 4e 4a dd 91 10 52 35 3e 6f a5 59 93 13 44 c9 | ikev2 g^x ea 9f 25 b7 76 30 3e 84 7b da 33 7c 74 25 01 b9 | ikev2 g^x 22 02 8b ca 58 2f cc 6c 87 14 79 0d 30 c0 f6 05 | ikev2 g^x 80 50 cd 14 90 8d e0 a5 b2 66 5d 6e 76 24 85 7a | ikev2 g^x 25 df ee 0b 76 ba e0 e2 6c b7 3c 31 46 63 02 9e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 0f b4 36 08 e4 a3 16 63 2d 3c 3b ed 80 ac e7 47 | IKEv2 nonce a4 c8 81 5d bd 1e 57 d2 ee f0 e5 1e 36 f9 e1 55 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5ea30 (length 8) | 4a 77 bb 33 3f 04 e1 cd | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5ea38 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e964 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffc7be5e956 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e9e0 (length 20) | 16 20 f0 91 1c 04 7a 09 11 69 28 c7 66 c3 4a 40 | e0 3e 6e 50 | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 4a 77 bb 33 3f 04 e1 cd | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 16 20 f0 91 1c 04 7a 09 11 69 28 c7 66 c3 4a 40 | natd_hash: hash= e0 3e 6e 50 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 16 20 f0 91 1c 04 7a 09 11 69 28 c7 66 c3 4a 40 | Notify data e0 3e 6e 50 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffc7be5ea30 (length 8) | 4a 77 bb 33 3f 04 e1 cd | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffc7be5ea38 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffc7be5e964 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffc7be5e956 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffc7be5e9e0 (length 20) | ce b3 de e1 35 3d dd b1 00 22 62 31 2e 8b a8 02 | 99 7c 09 ed | natd_hash: hasher=0x55f33b9e27a0(20) | natd_hash: icookie= 4a 77 bb 33 3f 04 e1 cd | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ce b3 de e1 35 3d dd b1 00 22 62 31 2e 8b a8 02 | natd_hash: hash= 99 7c 09 ed | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ce b3 de e1 35 3d dd b1 00 22 62 31 2e 8b a8 02 | Notify data 99 7c 09 ed | emitting length of IKEv2 Notify Payload: 28 | ***emit IKEv2 Vendor ID Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Vendor ID Payload (43:ISAKMP_NEXT_v2V) | next payload chain: saving location 'IKEv2 Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 19 raw bytes of Opportunistic IPsec into IKEv2 Vendor ID Payload | Opportunistic IPsec 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | Opportunistic IPsec 73 65 63 | emitting length of IKEv2 Vendor ID Payload: 23 | emitting length of ISAKMP Message: 851 | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #4 to 4294967295 after switching state | Message ID: IKE #4 skipping update_recv as MD is fake | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 851 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 4a 77 bb 33 3f 04 e1 cd 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 03 53 22 00 01 b4 | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f | 28 00 01 08 00 0e 00 00 10 f6 b0 6c 28 81 c0 71 | ff 2a 96 f3 bd f1 bd ca ee 05 ee d4 00 8f a4 04 | 49 f9 f2 5a 74 95 9d 68 4b 34 26 b3 1c 23 4b 25 | 7d 14 9d 33 71 70 55 82 19 8e 02 54 ca e5 d9 11 | 08 92 67 f1 a7 48 32 0d e6 24 2d 09 db 5c 32 23 | 5d a3 38 a9 08 65 63 8f 36 c8 3b ce 1d ea e8 c6 | a4 c3 cb 67 bf 0d 5e 76 21 0e 00 c4 67 eb b6 51 | 54 c1 42 3b 67 e6 87 91 05 81 ee 1a e1 92 72 12 | 67 6b 97 37 4c d1 d8 64 8a b0 52 db 13 1a eb 0e | a0 a8 78 a7 bf 9b d0 f7 2e 4a 0e 34 c5 61 18 31 | d6 d6 ba dd a5 8f da f3 c7 a8 fb 63 00 13 fa 6d | 8f 63 30 4e 5e ae 38 b6 64 4e 4a dd 91 10 52 35 | 3e 6f a5 59 93 13 44 c9 ea 9f 25 b7 76 30 3e 84 | 7b da 33 7c 74 25 01 b9 22 02 8b ca 58 2f cc 6c | 87 14 79 0d 30 c0 f6 05 80 50 cd 14 90 8d e0 a5 | b2 66 5d 6e 76 24 85 7a 25 df ee 0b 76 ba e0 e2 | 6c b7 3c 31 46 63 02 9e 29 00 00 24 0f b4 36 08 | e4 a3 16 63 2d 3c 3b ed 80 ac e7 47 a4 c8 81 5d | bd 1e 57 d2 ee f0 e5 1e 36 f9 e1 55 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 16 20 f0 91 | 1c 04 7a 09 11 69 28 c7 66 c3 4a 40 e0 3e 6e 50 | 2b 00 00 1c 00 00 40 05 ce b3 de e1 35 3d dd b1 | 00 22 62 31 2e 8b a8 02 99 7c 09 ed 00 00 00 17 | 4f 70 70 6f 72 74 75 6e 69 73 74 69 63 20 49 50 | 73 65 63 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f0520006900 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0520002b20 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0520002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f0520006900 size 128 | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49587.063904 | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD | #4 spent 1.09 milliseconds in resume sending helper answer | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f0514006900